CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,749 vulnerabilities with CWE-918
CVE-2022-43880 (MEDIUM, CVSS 4.4): IBM QRadar WinCollect Agent < 10.1.2 - DoS
CVE-2022-34269 (HIGH, CVSS 8.8): RWS WorldServer < 11.7.3 - Authenticated Server-Side Request Forgery via ws-legacy/load_dtd
CVE-2022-40700 (HIGH, CVSS 8.2): Millionclues Admin Css MU < 2.6 - SSRF
CVE-2022-40312 (MEDIUM, CVSS 5.5): GiveWP < 2.25.1 - Server-Side Request Forgery
CVE-2022-45362 (HIGH, CVSS 7.2): Paytm Payment Gateway < 2.7.0 - Server-Side Request Forgery
CVE-2022-45835 (MEDIUM, CVSS 5.8): PhonePe Payment Solutions < 1.0.15 - Server-Side Request Forgery
CVE-2022-3172 (MEDIUM, CVSS 5.1): kubernetes/apiserver < 1.21.14 - Server-Side Request Forgery via Aggregated API Server
CVE-2022-44730 (MEDIUM, CVSS 4.4): Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
CVE-2022-44729 (HIGH, CVSS 7.1): Apache XML Graphics Batik 1.16 - Server-Side Request Forgery via Malicious SVG
CVE-2022-41401 (MEDIUM, CVSS 6.5): OpenRefine <= 3.5.2 - Server-Side Request Forgery
CVE-2022-2416 (MEDIUM, CVSS 5.5): Octopus Server 2019.4.0-2022.4.9997 - Server-Side Request Forgery
CVE-2022-42183 (CRITICAL, CVSS 9.1): Precisely Spectrum Spatial Analyst 20.01 - Server-Side Request Forgery
CVE-2022-29840 (MEDIUM, CVSS 5.1): Western Digital My Cloud OS 5.02.104-5.26.201 - Server-Side Request Forgery via Loopback URL Modification
CVE-2022-48477 (MEDIUM, CVSS 4.1): JetBrains Hub < 2023.1.15725 - Server-Side Request Forgery in Auth Module Integration
CVE-2022-43699 (MEDIUM, CVSS 4.3): OX App Suite < 7.10.6-rev30 - Server-Side Request Forgery via Email Account Discovery
CVE-2022-43698 (MEDIUM, CVSS 4.3): OX App Suite < 7.10.6-rev30 - Server-Side Request Forgery via POP3 Account Configuration
CVE-2022-46973 (CRITICAL, CVSS 9.8): aj-report 0.9.8.6 - Server-Side Request Forgery
CVE-2022-37938 (CRITICAL, CVSS 9.8): HPE Serviceguard for Linux < a.12.80.05 - Unauthenticated Server-Side Request Forgery
CVE-2022-4492 (HIGH, CVSS 7.5): Red Hat build of Quarkus - Server-Side Request Forgery via Undertow Client
CVE-2022-48321 (MEDIUM, CVSS 6.8): Checkmk <= 2.1.0p11 - Limited Server-Side Request Forgery via Host Registration API
CVE-2022-27234 (MEDIUM, CVSS 4.3): Intel Computer Vision Annotation Tool < 2.0.1 - Authenticated Server-Side Request Forgery
CVE-2022-45085 (MEDIUM, CVSS 6.5): Group Arge Energy and Control Systems Smartpower Web < 23.01.01 - Server-Side Request Forgery
CVE-2022-47872 (HIGH, CVSS 8.8): Maccms10 2021.1000.2000 - Server-Side Request Forgery via Name Parameter
CVE-2022-37033 (MEDIUM, CVSS 6.5): dotcms 5.x-22.06 - Server-Side Request Forgery via TempFileAPI Redirect Handling
CVE-2022-4201 (LOW, CVSS 3.5): GitLab 11.3-15.4.5, 15.5-15.5.4, 15.6-15.6.0 - Server-Side Request Forgery via GitLab Runner Configuration