Vulnerabilities > Apache > Traffic Control > 6.0.1

DATE CVE VULNERABILITY TITLE RISK
2022-02-06 CVE-2022-23206 Server-Side Request Forgery (SSRF) vulnerability in Apache Traffic Control
In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
network
low complexity
apache CWE-918
7.5
7.5
2021-11-11 CVE-2021-43350 Injection vulnerability in Apache Traffic Control
An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter.
network
low complexity
apache CWE-74
critical
 9.8
9.8