Total
1165 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18646 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows SSRF. | |||||
| CVE-2018-0398 | 1 Cisco | 1 Finesse | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018. | |||||
| CVE-2018-12809 | 1 Adobe | 1 Experience Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure. | |||||
| CVE-2018-1789 | 1 Ibm | 1 Api Connect | 2024-02-04 | 6.5 MEDIUM | 9.9 CRITICAL |
| IBM API Connect v2018.1.0 through v2018.3.4 could allow an attacker to send a specially crafted request to conduct a server side request forgery attack. IBM X-Force ID: 148939. | |||||
| CVE-2018-1000422 | 1 Atlassian | 1 Crowd2 | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | |||||
| CVE-2018-14514 | 1 Icmsdev | 1 Icms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | |||||
| CVE-2018-19651 | 1 Interspire | 1 Email Marketer | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file: URL. | |||||
| CVE-2019-3905 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF. | |||||
| CVE-2018-20596 | 1 Jspxcms | 1 Jspxcms | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Jspxcms v9.0.0 allows SSRF. | |||||
| CVE-2018-0403 | 1 Cisco | 2 Unified Contact Center Express, Unified Ip Interactive Voice Response | 2024-02-04 | 5.0 MEDIUM | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to retrieve a cleartext password. Cisco Bug IDs: CSCvg71040. | |||||
| CVE-2019-1003027 | 1 Jenkins | 1 Octopusdeploy | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins OctopusDeploy Plugin 1.8.1 and earlier in OctopusDeployPlugin.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified URL and obtain the HTTP response code if successful, and exception error message otherwise. | |||||
| CVE-2018-1000184 | 1 Jenkins | 1 Github | 2024-02-04 | 5.5 MEDIUM | 5.4 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2018-1000056 | 1 Jenkins | 1 Junit | 2024-02-04 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2017-0929 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. | |||||
| CVE-2018-1000606 | 1 Jenkins | 1 Urltrigger | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | |||||
| CVE-2017-16614 | 1 Tp-shop | 1 Tpshop | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter. | |||||
| CVE-2018-1000054 | 1 Jenkins | 1 Ccm | 2024-02-04 | 6.5 MEDIUM | 8.3 HIGH |
| Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks. | |||||
| CVE-2017-6201 | 1 Sandstorm | 1 Sandstorm | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs directly. | |||||
| CVE-2017-14611 | 1 Agentejo | 1 Cockpit | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component. | |||||
| CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | |||||