CVE-2020-4101
"HCL Digital Experience is susceptible to Server Side Request Forgery."...
Server side request forgery (ssrf)
"HCL Digital Experience is susceptible to Server Side Request Forgery."...
CVE-2020-6275
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable to a Server Side Request Forgery attack, wherein an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce...
CVE-2020-6275
Concrete details available: SAP NetWeaver AS ABAP (versions 700–754) is vulnerable to Server-Side Request Forgery via improper path names in import/export of sessions, allowing the web server to authenticate to a malicious server; NTLM exposure can compromise confidentiality, integrity, and avail...
PT-2020-19068 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP Netweaver AS ABAP versions 700 through 754 Description: The issue allows an attacker to perform a Server Side Request Forgery Attack by using inappropriate path names containing malicious server names in the import/export of sessions...
Server Side Request Forgery (SSRF)
github.com/kubernetes/kubernetes is vulnerable to Server Side Request Forgery SSRF. An attacker with a privilege to create a pod with certain built-in Volume types GlusterFS, Quobyte, StorageFS, ScaleIO or to create a StorageClass can cause an authenticated user to leak the resources from the...
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
Lark Technologies: Stored XSS & SSRF in Lark Docs
A stored cross-site scripting (XSS) vulnerability was discovered in Lark Docs that could be escalated into a Server Side Request Forgery (SSRF) vulnerability if opened in a headless browser on the Lark server. The vulnerability has been resolved. We thank @mike12 for reporting this to our team and...
Node.js third-party modules: [Uppy] Internal Server side request forgery (bypass of #786956)
I would like to report an internal Server-side request forgery in Uppy. It allows the attacker to easily extract information from internal servers. Module name: Uppy, version: 1.15.0, npm page: https://www.npmjs.com/package/uppy. Module description: Uppy is a sleek, modular JavaScript file uploader...
Server-Side Request Forgery (SSRF)
github.com/grafana/grafana is vulnerable to server-side request forgery. An unauthenticated remote attacker is able to submit requests on behalf of the server and obtain the response via the avatar URL. This allows the attacker to access and obtain information within the internal network or perfo...
PT-2020-5961 · Grafana +4 · Grafana +4
Name of the Vulnerable Software and Affected Versions: Grafana versions 3.0.1 through 7.0.1 Description: The avatar feature in Grafana has an SSRF Incorrect Access Control issue, allowing any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the...
Oracle WebLogic UDDI Explorer Server-Side Request Forgery
The Oracle WebLogic UDDI Explorer service in Oracle Fusion Middleware versions 10.0.2 and 10.3.6 is affected by a server-side request forgery vulnerability due to the lack of validation of the operator parameter in the SearchPublicRegistries.jsp page. A remote and unauthenticated attacker can...
Security Bulletin: Security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2020-4365)
Summary WebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in...
Debian DLA-2211-1 : log4net security update
It was discovered that there was an XML external entity (XXE) vulnerability in log4net, a logging API for the ECMA Common Language Infrastructure (CLI), sometimes referred to as 'Mono'. This type of attack occurs when XML input containing a reference to an external entity is processed by a weakly...
Security Bulletin: WebSphere Application Server shipped with IBM WebSphere Application Server Patterns is vulnerable to a server-side request forgery vulnerability (CVE-2020-4365)
Summary: WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed i...