Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.18 logging-elasticsearch5 security update
An update for logging-elasticsearch5-container is now available for Red Hat OpenShift Container Platform 4.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2019-4262
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the QRadar system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 160014...
Exploit for Server-Side Request Forgery in Atlassian Jira_Server
CVE-2019-8451 Jira unauthenticated SSRF vulnerability python usage python CVE-2019...
Server side request forgery (ssrf)
In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0, 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request...
CVE-2019-6837
A Server-Side Request Forgery (SSRF): CWE-918 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could cause server...
CVE-2019-6837
CVE-2019-6837 describes a Server-Side Request Forgery (SSRF) in Schneider Electric’s U.motion Server family (MEG6501-0001 U.motion KNX server; MEG6501-0002 U.motion KNX Server Plus; MEG6260-0410 U.motion KNX Server Plus; Touch 10; MEG6260-0415 Touch 15). The flaw allows an attacker to cause the s...
Server side request forgery (ssrf)
The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.4.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class...
CVE-2019-8451
CVE-2019-8451 affects Jira Server before 8.4.0 with an SSRF in the /plugins/servlet/gadgets/makeRequest endpoint due to a logic bug in JiraWhitelist. An attacker can cause Jira to fetch internal resources and return their responses, enabling access to internal network content. The weakness is pre...
CVE-2019-12632
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...
CVE-2019-12633
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...
Server side request forgery (ssrf)
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...
Server side request forgery (ssrf)
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...
CVE-2019-12632 Cisco Finesse Request Processing Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on an affected system. The vulnerability exists because the affected system does not properly validate user-supplied input. An attacker...
CVE-2019-12633 Cisco Unified Contact Center Express Request Processing Server-Side Request Forgery Vulnerability
A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. The vulnerability is due to improper validation of user-supplied input on the...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Kubernetes Integration Server-Side Request Forgery; Server-Side Request Forgery in Jira Integration; Improved Protection Against Credential Stuffing Attacks; Markdown Clientside Resource Exhaustion; Pipeline Status Disclosure; Group Runner Authorization Issue; CI Metrics Disclosure; User...
Cisco TelePresence VCS / Expressway Series < 12.5 REST API Server-Side Request Forgery Vulnerability
According to its self-reported version number, the Cisco TelePresence VCS or Expressway Series on the remote host contains a vulnerability in the web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software that could allow an authenticated, remote attacker t...
Cisco TelePresence Conductor REST API Server-Side Request Forgery Vulnerability
According to its self-reported version number, the remote Cisco TelePresence Conductor device is affected by a server-side request forgery vulnerability which could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. Note that an attacker...
CVE-2019-11897
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to rea...
CVE-2019-11897 Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software
A Server-Side Request Forgery (SSRF) vulnerability in the backup & restore functionality in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.3.0 allows a remote attacker to forge GET requests to arbitrary URLs. In addition, this could potentially allow an attacker to rea...