
49 matches found

Nuclei
added yesterday, 38 views

Owncast - Server Side Request Forgery

Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. id: CVE-2023-3188 info: name: Owncast - Server Side Request Forgery author: DhiyaneshDk severity: medium description: | Server-Side Request Forgery SSRF in GitHub repository owncast/owncast prior to 0.1.0. impac...

CVSS 8.3, AI score 7, EPSS 0.01356
Exploits 1, References 2

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2021-9861

Malicious code in bioql PyPI...

CVSS 8.1, AI score 8.1, EPSS 0.00997
Exploits 0, References 1

Vulnrichment
added 2025/06/10 4:36 p.m., 5 views

CVE-2023-48786

A server-side request forgery vulnerability CWE-918 in Fortinet FortiClientEMS version 7.4.0 through 7.4.2 and before 7.2.6 may allow an authenticated attacker to perform internal requests via crafted HTTP or HTTPS requests...

CVSS 4.3, AI score 7.1, EPSS 0.00277
Exploits 0, References 1

IBM Security Bulletins
added 2025/04/15 2:57 a.m., 73 views

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge.

Summary IBM Rational Build Forge 8.0.0.27 addresses multiple vulnerabilities Vulnerability Details CVEID:CVE-2024-40898 DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by an error on Windows with mod_rewrite in server/vhost context. By sending a specially crafte...

CVSS 9.8, AI score 9.8, EPSS 0.6795
Exploits 6, Affected Software 1

IBM Security Bulletins
added 2025/01/28 10:8 p.m., 25 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2024-39338).

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in server-side request forgery. Axios is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability...

CVSS 7.5, AI score 6.4, EPSS 0.01414
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/11/22 6:2 p.m., 45 views

Security Bulletin: Security Vulnerabilities in base image packages affect IBM Voice Gateway

Summary Security Vulnerabilities in base image packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processe...

CVSS 7.5, AI score 7.4, EPSS 0.02114
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/11/20 3:23 p.m., 31 views

Security Bulletin: IBM QRadar Pre-Validation App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that might be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users...

CVSS 7.5, AI score 9.7, EPSS 0.58124
Exploits 9, Affected Software 1

IBM Security Bulletins
added 2024/10/28 7:48 p.m., 23 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in axios

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of axios. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative URLs...

CVSS 7.5, AI score 7.5, EPSS 0.01414
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/10/21 2:45 p.m., 19 views

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF

Summary This security bulletin addresses the vulnerability in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-32007, CVE-2024-29736. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...

CVSS 9.1, AI score 6.8, EPSS 0.01269
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2024/10/15 1:6 p.m., 25 views

Security Bulletin: IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below.

Summary IBM Edge Application Manager 4.5.8 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol...

CVSS 7.5, AI score 6.4, EPSS 0.01414
Exploits 1, Affected Software 1

IBM Security Bulletins
added 2024/10/14 4:14 a.m., 17 views

Security Bulletin: A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery (CVE-2022-29153).

Summary A vulnerability in HashiCorp Consul affects IBM Robotic Process Automation and may result in server-side request forgery. This bulletin identifies the security fix to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-29153 DESCRIPTION: HashiCorp Consul and HashiCorp...

CVSS 7.5, AI score 6.7, EPSS 0.08519
Exploits 0, Affected Software 1

Cvelist
added 2024/10/10 9:57 a.m., 27 views

CVE-2024-45119 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

CVSS 4.9, EPSS 0.00761
Exploits 0, References 1

Vulnrichment
added 2024/10/10 9:57 a.m., 15 views

CVE-2024-45119 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection ...

CVSS 4.9, AI score 5, EPSS 0.00761
Exploits 0, References 1

CVE
added 2024/10/10 9:57 a.m., 114 views

CVE-2024-45119

CVE-2024-45119 affects Adobe Commerce (Magento) versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier, exposing a server-side request forgery (SSRF) that can lead to arbitrary file system reads. An admin-privileged, authenticated attacker can induce the application to make arbitrary HTTP r...

CVSS 4.9, AI score 5, EPSS 0.00761
Exploits 0, References 1, Affected Software 3

OSV
added 2024/07/05 8:7 p.m., 14 views

GHSA-P9CG-VQCC-GRCX Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

CVSS 7.2, AI score 7.1, EPSS 0.006
Exploits 0, References 6

Github Security Blog
added 2024/07/05 8:7 p.m., 68 views

Server Side Request Forgery (SSRF) attack in Fedify

Summary At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has received from the web. This activity could reference an @id that points to an internal IP address,...

CVSS 7.2, AI score 6.9, EPSS 0.006
Exploits 0, References 6, Affected Software 1

CVE
added 2024/04/07 5:18 p.m., 64 views

CVE-2024-31288

CVE-2024-31288 is a Server-Side Request Forgery (SSRF) in RapidLoad Power-Up for Autoptimize. The vulnerability is described as unauthenticated, with network access required and low impact on confidentiality/integrity and no impact on availability, per CVSS 3.1 metrics. Affected scope is RapidLoa...

CVSS 7.2, AI score 8.6, EPSS 0.00369
Exploits 0, References 1

Vulnrichment
added 2024/03/28 12:19 p.m., 12 views

CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF)

SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery SSRF may allow exposing the local OS user's NTLMv2 hash...

CVSS 7.2, AI score 6.9, EPSS 0.00583
Exploits 0, References 1

Prion
added 2023/10/20 10:15 a.m., 22 views

Server side request forgery (ssrf)

A server-side request forgery vulnerability CWE-918 in Fortinet FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 and FortiManager version 7.4.0, version 7.2.0 through 7.2.3 and before 7.0.8 allows a remote attacker with low privileges to view sensitive data from internal...

CVSS 4, AI score 6.4, EPSS 0.01221
Exploits 1, References 2, Affected Software 2

CVE
added 2023/10/20 9:4 a.m., 69 views

CVE-2023-44256

CVE-2023-44256 affects Fortinet FortiAnalyzer and FortiManager. A server-side request forgery (SSRF) vulnerability allows a remote, low-privilege attacker to view sensitive data from internal servers or perform a local port scan via a crafted HTTP request. Affected: FortiAnalyzer 7.4.0 and 7.2.0–...

CVSS 6.5, AI score 6.4, EPSS 0.01221
Exploits 1, References 2, Affected Software 2