CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE ID           Severity  CVSS  Description
CVE-2020-4786    MEDIUM    4.3   IBM QRadar SIEM 7.3.0-7.3.3 Patch 5, 7.4.0-7.4.2 Patch 1 - Authenticated Server-Side Request Forgery
CVE-2020-23776   HIGH      7.5   Winmail 6.5 - Server-Side Request Forgery via Key Parameter
CVE-2020-36200   MEDIUM    6.5   Kaspersky TinyCheck < 2020-12-18 - Authenticated Server-Side Request Forgery
CVE-2020-24641   HIGH      7.5   Aruba AirWave Glass < 1.3.3 - Unauthenticated Server-Side Request Forgery
CVE-2020-24700   MEDIUM    5.4   Open-xchange Appsuite < 7.10.3 - SSRF
CVE-2020-35205   CRITICAL  9.8   Quest Policy Authority for Unified Communications 8.1.2.200 - Server-Side Request Forgery via initFile.jsp
CVE-2020-28735   HIGH      8.8   Plone < 5.2.3 - Authenticated Server-Side Request Forgery via Tracebacks Feature
CVE-2020-35850   MEDIUM    6.5   Cockpit 234 - Server-Side Request Forgery
CVE-2020-26032   HIGH      7.5   Zammad < 3.4.1 - Server-Side Request Forgery via SMS Configuration Interface
CVE-2020-35712   CRITICAL  9.8   Esri ArcGIS Server < 10.8 - Server-Side Request Forgery
CVE-2020-8464    HIGH      7.5   Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - SSRF
CVE-2020-26258   MEDIUM    6.3   XStream < 1.4.15 - Server-Side Request Forgery via XML Unmarshalling
CVE-2020-10770   MEDIUM    5.3   Keycloak < 13.0.0 - Server-Side Request Forgery via OIDC request_uri Parameter
CVE-2020-17513   MEDIUM    5.3   Apache Airflow < 1.10.13 - Server-Side Request Forgery via Charts and Query View
CVE-2020-24444   MEDIUM    5.8   Adobe AEM Forms 6.5.6.0 and 6.4.8.2 - Blind Server-Side Request Forgery
CVE-2020-28978   MEDIUM    5.3   WordPress Canto Plugin 1.3.0 - Blind SSRF via subdomain Parameter
CVE-2020-28977   MEDIUM    5.3   WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via get.php
CVE-2020-28976   MEDIUM    5.3   WordPress Canto Plugin 1.3.0 - Blind Server-Side Request Forgery via detail.php
CVE-2020-24815   MEDIUM    6.5   MicroStrategy 10.4/2019/2020 - Authenticated PDF Export Server-Side Request Forgery
CVE-2020-28360   CRITICAL  9.8   private-ip < 1.0.5 - Server-Side Request Forgery via Insufficient RegEx Filtering
CVE-2020-27626   MEDIUM    5.3   JetBrains YouTrack < 2020.3.5333 - SSRF
CVE-2020-27624   MEDIUM    5.3   JetBrains YouTrack < 2020.3.888 - SSRF
CVE-2020-7329    HIGH      7.2   McAfee MVISION Endpoint < 20.11 - Server-Side Request Forgery via XML File Processing
CVE-2020-7328    HIGH      7.2   McAfee MVISION Endpoint < 20.11 - Server-Side Request Forgery via ePO Extension HTTP Request
CVE-2020-24063   HIGH      7.2   WordPress Canto Plugin < 1.3.0 - SSRF