CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE-2020-26815 (HIGH, CVSS 8.6) - SAP Fiori Launchpad News Tile Application 750-755 - Server-Side Request Forgery
CVE-2020-26811 (MEDIUM, CVSS 5.3) - SAP Commerce Cloud (Accelerator Payment Mock) 1808, 1811, 1905, 2005 - Unauthenticated Server-Side Request Forgery
CVE-2020-27018 (MEDIUM, CVSS 5.5) - Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Authenticated Server-Side Request Forgery
CVE-2020-15297 (HIGH, CVSS 7.1) - Bitdefender Endpoint Security Tools <6.6.20.294 - Auth Bypass
CVE-2020-28168 (MEDIUM, CVSS 5.9) - axios 0.19.0-0.20.0 - Server-Side Request Forgery via Redirect Bypass
CVE-2020-28043 (HIGH, CVSS 7.5) - MISP < 2.4.133 - Server-Side Request Forgery via REST Client use_full_path Parameter
CVE-2020-24881 (CRITICAL, CVSS 9.8) - osTicket < 1.14.3 - Server-Side Request Forgery
CVE-2020-24710 (MEDIUM, CVSS 5.3) - gophish < 0.11.0 - Server-Side Request Forgery
CVE-2020-7126 (MEDIUM, CVSS 5.8) - Aruba Airwave Glass < 1.3.2 - Server-Side Request Forgery
CVE-2020-25466 (CRITICAL, CVSS 9.8) - CRMEB 3.0 - Remote File Download and Code Execution via downloadimage
CVE-2020-15002 (MEDIUM, CVSS 5.0) - OX App Suite <=7.10.3 - Server-Side Request Forgery via Messaging API
CVE-2020-25820 (MEDIUM, CVSS 6.5) - BigBlueButton < 2.2.27 - Authenticated Server-Side Request Forgery via ODF xlink Field
CVE-2020-6308 (MEDIUM, CVSS 5.3) - SAP BusinessObjects Web Services - Info Disclosure
CVE-2020-15822 (HIGH, CVSS 7.3) - JetBrains YouTrack < 2020.2.10514 - Server-Side Request Forgery via URL Filter Bypass
CVE-2020-27197 (CRITICAL, CVSS 9.8) - libtaxii < 1.1.117 and OpenTAXII < 0.2.0 - Server-Side Request Forgery via Parse Method
CVE-2020-26948 (CRITICAL, CVSS 9.8) - Emby SSRF HTTP Scanner
CVE-2020-7740 (HIGH, CVSS 8.2) - node-pdf-generator - Server-Side Request Forgery via Unsanitized URL Content
CVE-2020-7739 (HIGH, CVSS 8.2) - phantomjs-seo - Server-Side Request Forgery via Crafted URL
CVE-2020-5784 (MEDIUM, CVSS 6.5) - Teltonika TRB245 Firmware TRB2_R_00.02.04.3 - Server-Side Request Forgery
CVE-2020-24570 (MEDIUM, CVSS 6.5) - MB CONNECT LINE mymbCONNECT24 & mbCONNECT24 < 2.6.1 - CSRF & SSRF via com_mb24proxy
CVE-2020-15594 (MEDIUM, CVSS 4.3) - Zoho Application Control Plus < 10.0.511 - Server-Side Request Forgery via Mail Gateway Configuration
CVE-2020-14023 (MEDIUM, CVSS 4.9) - Ozeki NG SMS Gateway <= 4.17.6 - Server-Side Request Forgery via SMS WCF or RSS To SMS
CVE-2020-16171 (MEDIUM, CVSS 6.5) - Acronis Cyber Backup < 12.5 - Server-Side Request Forgery via Custom Shard Header
CVE-2020-15772 (MEDIUM, CVSS 4.9) - Gradle Enterprise 2018.5-2020.2.4 - XML External Entity Injection via SAML Metadata Upload
CVE-2020-13309 (MEDIUM, CVSS 5.4) - GitLab <13.1.10-13.3.4 - Blind SSRF