CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,749 vulnerabilities with CWE-918
CVE ID           Severity  CVSS  Title
CVE-2022-4335    MEDIUM    4.3   GitLab < 15.4.6, 15.5 < 15.5.5, 15.6 < 15.6.1 - Server-Side Request Forgery
CVE-2022-46998   CRITICAL  9.8   taocms 3.0.2 - Server-Side Request Forgery
CVE-2022-45926   HIGH      8.8   OpenText Extended ECM 20.4-22.3 - Server-Side Request Forgery via notify.localizeEmailTemplate Endpoint
CVE-2022-3841    HIGH      7.8   Red Hat Advanced Cluster Management - Unauthenticated Console API Server-Side Request Forgery
CVE-2022-25026   HIGH      7.5   Rocket TRUfusion Enterprise < 7.9.5.1 - Server-Side Request Forgery via upDwModuleProxy Endpoint
CVE-2022-39039   CRITICAL  9.8   aenrich a+HRD - Unauthenticated Server-Side Request Forgery via URL Parameter
CVE-2022-45027   MEDIUM    5.3   perfSONAR < 4.4.6 - Server-Side Request Forgery via HTTP Header
CVE-2022-38212   HIGH      7.5   Esri Portal for ArcGIS < 10.8.1 - SSRF
CVE-2022-38211   HIGH      7.5   Esri Portal for ArcGIS < 10.9.1 - SSRF
CVE-2022-38203   HIGH      7.5   Esri Portal for ArcGIS < 10.8.1 - SSRF
CVE-2022-23544   HIGH      7.2   MeterSphere < 2.5.0 - Server-Side Request Forgery and Cross-Site Scripting via IssueProxyResourceService
CVE-2022-45429   HIGH      7.5   Dahua DSS Express and Professional - Server-Side Request Forgery via URL Concatenation
CVE-2022-4725    MEDIUM    5.5   AWS SDK < 2.59.1 - Server-Side Request Forgery via XML Parser
CVE-2022-37313   MEDIUM    5.3   Open-Xchange AppSuite < 7.10.5 - SSRF
CVE-2022-3189    MEDIUM    5.3   Dataprobe iBoot-PDU Firmware < 1.42.06162022 - Server-Side Request Forgery via Host Parameter Manipulation
CVE-2022-47635   CRITICAL  9.8   Wildix WMS 4.0-4.04.45396.23 - Server-Side Request Forgery via ZohoClient.php
CVE-2022-38708   MEDIUM    6.5   IBM Cognos Analytics < 11.2.1 - SSRF
CVE-2022-42343   MEDIUM    6.5   Adobe Campaign < 7.3.2 - Authenticated Server-Side Request Forgery via URL Injection
CVE-2022-46364   CRITICAL  9.8   Apache CXF < 3.4.10 - Server-Side Request Forgery via MTOM XOP:Include href Attribute
CVE-2022-41949   MEDIUM    5.0   DHIS 2 2.34.0-2.36.12.1 - Authenticated Server-Side Request Forgery
CVE-2022-46830   MEDIUM    4.1   JetBrains TeamCity < 2022.10.1 - SSRF
CVE-2022-35508   CRITICAL  9.8   Proxmox Virtual Environment and Proxmox Mail Gateway - Server-Side Request Forgery via HTTP Proxy
CVE-2022-41412   HIGH      8.6   perfSONAR < 4.4.5 - Server-Side Request Forgery via graphData.cgi
CVE-2022-45152   CRITICAL  9.1   Moodle < 3.9.18 - Server-Side Request Forgery via LTI Provider Library
CVE-2022-40842   CRITICAL  9.1   Ndk design NdkAdvancedCustomizationFields < 3.5.0 - SSRF