CWE-918

2,678 CVEs • Abstraction: Base

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.


CVEs (2,678)

Columns: CVE, Vendors, Products, Updated, Published, CVSS (v4 / v3 / v2)

Vendors: Adminer, Debian
Products: Adminer, Debian Linux
Updated: Oct 24, 2025 | Published: Feb 11, 2021
CVSS: v4 N/A | v3 7.2 HIGH | v2 6.4 MEDIUM
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.

Vendors: Carrierwave Project
Products: Carrierwave
Updated: Nov 21, 2024 | Published: Feb 8, 2021
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 4.0 MEDIUM
CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attackers to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.

Vendors: Trendmicro
Products: Apex One, Worry Free Business Security
Updated: Nov 21, 2024 | Published: Feb 4, 2021
CVSS: v4 N/A | v3 5.3 MEDIUM | v2 5.0 MEDIUM
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a sweep.

Vendors: Trendmicro
Products: Officescan, Worry Free Business Security
Updated: Nov 21, 2024 | Published: Feb 4, 2021
CVSS: v4 N/A | v3 5.3 MEDIUM | v2 5.0 MEDIUM
A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents via a specific sweep.

Vendors: Jetbrains
Products: Teamcity
Updated: Nov 21, 2024 | Published: Feb 3, 2021
CVSS: v4 N/A | v3 7.5 HIGH | v2 5.0 MEDIUM
JetBrains TeamCity Plugin before 2020.2.85695 has an SSRF vulnerability that could potentially expose user credentials.

Vendors: Minio
Products: Minio
Updated: Nov 21, 2024 | Published: Feb 1, 2021
CVSS: v4 N/A | v3 7.7 HIGH | v2 4.0 MEDIUM
MinIO is a High Performance Object Storage released under Apache License v2.0. In MinIO before version RELEASE.2021-01-30T00-20-58Z there is a server-side request forgery vulnerability. The target application may have functionality for importing data from a URL, publishing data to a URL, or otherwise reading data from a URL that can be tampered with. The attacker modifies the calls to this functionality by supplying a completely different URL or by manipulating how URLs are built (path traversal etc.). In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL from which the code running on the server will read or to which it will submit data, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like HTTP enabled databases, or perform POST requests towards internal services which are not intended to be exposed. This is fixed in version RELEASE.2021-01-30T00-20-58Z; all users are advised to upgrade. As a workaround you can disable the browser front-end with the "MINIO_BROWSER=off" environment variable.

Vendors: Ibm
Products: Qradar Security Information And Event Manager
Updated: Nov 21, 2024 | Published: Jan 27, 2021
CVSS: v4 N/A | v3 2.3 LOW | v2 2.1 LOW
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224.

Vendors: Ibm
Products: Qradar Security Information And Event Manager
Updated: Nov 21, 2024 | Published: Jan 27, 2021
CVSS: v4 N/A | v3 4.3 MEDIUM | v2 4.0 MEDIUM
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221.

Vendors: Winmail Project
Products: Winmail
Updated: Nov 21, 2024 | Published: Jan 26, 2021
CVSS: v4 N/A | v3 7.5 HIGH | v2 5.0 MEDIUM
An SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.

Vendors: Kaspersky
Products: Tinycheck
Updated: Nov 21, 2024 | Published: Jan 26, 2021
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 4.0 MEDIUM
TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to crafted URLs.

Vendors: Cisco
Products: Data Center Network Manager
Updated: Nov 21, 2024 | Published: Jan 20, 2021
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.8 MEDIUM
A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass access controls and conduct a server-side request forgery (SSRF) attack on a targeted system. This vulnerability is due to insufficient validation of parameters in a specific HTTP request by an attacker. An attacker could exploit this vulnerability by sending a crafted HTTP request to an authenticated user of the DCNM web application. A successful exploit could allow the attacker to bypass access controls and gain unauthorized access to the Device Manager application, which provides access to network devices managed by the system.

Vendors: Arubanetworks
Products: Airwave Glass
Updated: Nov 21, 2024 | Published: Jan 15, 2021
CVSS: v4 N/A | v3 7.5 HIGH | v2 5.0 MEDIUM
In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface.

Vendors: Adobe
Products: Campaign Classic
Updated: Nov 21, 2024 | Published: Jan 13, 2021
CVSS: v4 N/A | v3 8.6 HIGH | v2 5.0 MEDIUM
Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

Vendors: Open Xchange
Products: Open Xchange Appsuite
Updated: Nov 21, 2024 | Published: Jan 12, 2021
CVSS: v4 N/A | v3 6.4 MEDIUM | v2 5.5 MEDIUM
OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request.

Vendors: Open Xchange
Products: Open Xchange Appsuite
Updated: Nov 21, 2024 | Published: Jan 12, 2021
CVSS: v4 N/A | v3 5.4 MEDIUM | v2 5.5 MEDIUM
OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial "autoconfig." substring.

Vendors: Quest
Products: Policy Authority For Unified Communications
Updated: Nov 21, 2024 | Published: Jan 11, 2021
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 7.5 HIGH
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Vendors: Plone
Products: Plone
Updated: Nov 21, 2024 | Published: Dec 30, 2020
CVSS: v4 N/A | v3 8.8 HIGH | v2 6.5 MEDIUM
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).

Vendors: Cockpit Project
Products: Cockpit
Updated: Nov 21, 2024 | Published: Dec 30, 2020
CVSS: v4 N/A | v3 6.5 MEDIUM | v2 4.0 MEDIUM
An SSRF issue was discovered in cockpit-project.org Cockpit 234. NOTE: this is unrelated to the Agentejo Cockpit product. NOTE: the vendor states "I don't think [it] is a big real-life issue."

Vendors: Zammad
Products: Zammad
Updated: Nov 21, 2024 | Published: Dec 28, 2020
CVSS: v4 N/A | v3 7.5 HIGH | v2 5.0 MEDIUM
An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the user. An attacker can use this to request any URL via a GET request from the network interface of the server. This may lead to disclosure of information from intranet systems.

Vendors: Esri
Products: Arcgis Server
Updated: Nov 21, 2024 | Published: Dec 26, 2020
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 9.3 HIGH
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.