Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-918

CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918

CVE-2020-13650 HIGH

DigDash 2018R2-2019R1 - Server-Side Request Forgery via Login Page

CVE-2020-9427 MEDIUM

OX Guard 2.10.3 - Server-Side Request Forgery

CVE-2020-11980 MEDIUM

Apache Karaf < 4.2.9 - Server-Side Request Forgery via MLet getMBeansFromURL

CVE-2020-9645 HIGH

Adobe Experience Manager < 6.4.8.1 - Server-Side Request Forgery

CVE-2020-9643 HIGH

Adobe Experience Manager < 6.4.8.1 - Server-Side Request Forgery

CVE-2020-12725 HIGH

redash < 8.0.0 - Authenticated Server-Side Request Forgery via JSON Data Source

CVE-2020-4101 CRITICAL

HCL Digital Experience - Server-Side Request Forgery

CVE-2020-6275 CRITICAL

SAP NetWeaver AS ABAP 700-754 - Server-Side Request Forgery via Session Import/Export

CVE-2020-4529 HIGH

IBM Maximo Asset Management 7.6.0 and 7.6.1 - Authenticated Server-Side Request Forgery

CVE-2020-8555 MEDIUM

Kubernetes <1.15.12, <1.16.9, <1.17.5, <1.18.0 - SSRF

CVE-2020-13379 HIGH

Grafana 3.0.1-7.0.1 - Unauthenticated Server-Side Request Forgery via Avatar Feature

CVE-2020-13226 CRITICAL

WSO2 API Manager 3.0.0 - Server-Side Request Forgery via Publisher Node

CVE-2020-4365 MEDIUM

IBM WebSphere Application Server 8.5.0.0-8.5.5.16 - Authenticated Server-Side Request Forgery

CVE-2020-8830 HIGH

Ruckus ZoneFlex R500 Firmware - Server-Side Request Forgery via SUBCA-1 Field

CVE-2020-5562 MEDIUM

Cybozu Garoon 4.6.0-4.6.3 - Authenticated Server-Side Request Forgery via V-CUBE Meeting Function

CVE-2020-11885 HIGH

WSO2 Enterprise Integrator <= 6.6.0 - XML External Entity Injection via XML Validator

CVE-2020-4294 MEDIUM

IBM QRadar 7.3.0-7.3.3 Patch 2 - Authenticated Server-Side Request Forgery

CVE-2020-10980 CRITICAL

GitLab 8.0.0-12.9 - Server-Side Request Forgery via FogBugz Integration

CVE-2020-11453 MEDIUM

MicroStrategy Web 10.4 - Unauthenticated Server-Side Request Forgery via Test Web Service

CVE-2020-11452 MEDIUM

MicroStrategy Web < 10.4 - Server-Side Request Forgery via External Resource Import

CVE-2020-10956 CRITICAL

GitLab 8.10-12.9 - Server-Side Request Forgery via Project Import Note Feature

CVE-2020-3769 HIGH

Adobe Experience Manager <6.5 - SSRF

CVE-2020-10791 MEDIUM

openITCOCKPIT <3.7.3 - Authenticated SSRF

CVE-2020-8138 MEDIUM

Nextcloud Server < 15.0.14 - Server-Side Request Forgery via Malicious Calendar URL Subscription

CVE-2020-8135 CRITICAL

uppy < 1.9.3 - Server-Side Request Forgery

Previous Page 100 of 111 Next

Details

Vulnerabilities 2,758

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy