Total
1417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4203 | 1 Ibm | 1 Api Connect | 2024-11-21 | 9.8 Critical |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. | ||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | ||||
| CVE-2019-3809 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
| A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page. | ||||
| CVE-2019-3395 | 1 Atlassian | 2 Confluence, Confluence Server | 2024-11-21 | N/A |
| The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. | ||||
| CVE-2019-20872 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services. | ||||
| CVE-2019-20474 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF. | ||||
| CVE-2019-20408 | 1 Atlassian | 1 Jira | 2024-11-21 | 5.3 Medium |
| The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | ||||
| CVE-2019-20055 | 1 Liquidpixels | 1 Liquifire Os | 2024-11-21 | 6.5 Medium |
| LuquidPixels LiquiFire OS 4.8.0 allows SSRF via the call%3Durl substring followed by a URL in square brackets. | ||||
| CVE-2019-1872 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-11-21 | N/A |
| A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system. | ||||
| CVE-2019-19999 | 1 Halo | 1 Halo | 2024-11-21 | 7.2 High |
| Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | ||||
| CVE-2019-19835 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 7.5 High |
| SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI. | ||||
| CVE-2019-19261 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| GitLab Enterprise Edition (EE) 6.7 and later through 12.5 allows SSRF. | ||||
| CVE-2019-18846 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 Medium |
| OX App Suite through 7.10.2 allows SSRF. | ||||
| CVE-2019-18394 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 9.8 Critical |
| A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | ||||
| CVE-2019-18379 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 7.3 High |
| Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | ||||
| CVE-2019-18355 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 9.8 Critical |
| An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | ||||
| CVE-2019-17670 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs. | ||||
| CVE-2019-17669 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters. | ||||
| CVE-2019-17566 | 3 Apache, Oracle, Redhat | 21 Batik, Api Gateway, Business Intelligence and 18 more | 2024-11-21 | 7.5 High |
| Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | ||||
| CVE-2019-17400 | 2 Redhat, Universal Office Converter Project | 2 Enterprise Linux, Universal Office Converter | 2024-11-21 | 7.5 High |
| The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. | ||||