Latest Server-Side Request Forgery (SSRF) Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-09-04 | CVE-2020-4632 | Server-Side Request Forgery (SSRF) vulnerability in IBM InfoSphere Metadata Asset Manager 11.7 | IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-side request forgery. | network / low complexity / ibm / CWE-918 / 4.0 |
| 2020-08-31 | CVE-2020-12644 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | network / low complexity / open-xchange / CWE-918 / 4.0 |
| 2020-08-29 | CVE-2020-24898 | Server-Side Request Forgery (SSRF) vulnerability in Stiltsoft Table Filter and Charts for Confluence Server | The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | network / low complexity / stiltsoft / CWE-918 / 4.0 |
| 2020-08-28 | CVE-2020-9298 | Server-Side Request Forgery (SSRF) vulnerability in Spinnaker Orca | The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker, potentially leading to sensitive data disclosure. | network / low complexity / spinnaker / CWE-918 / 5.0 |
| 2020-08-26 | CVE-2020-24548 | Server-Side Request Forgery (SSRF) vulnerability in Ericom Access Server 9.2.0 | Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform the attacker about closed ports. | network / low complexity / ericom / CWE-918 / 5.0 |
| 2020-08-25 | CVE-2020-17386 | Server-Side Request Forgery (SSRF) vulnerability in Cellopoint Cellos 4.1.10 | Cellopoint Cellos v4.1.10 Build 20190922 does not properly validate URL input. | network / low complexity / cellopoint / CWE-918 / 4.0 |
| 2020-08-24 | CVE-2020-14044 | Server-Side Request Forgery (SSRF) vulnerability in Codiad | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forgery (SSRF) vulnerability was found in Codiad v1.7.8 and later. | network / low complexity / codiad / CWE-918 / 6.5 |
| 2020-08-21 | CVE-2020-5775 | Server-Side Request Forgery (SSRF) vulnerability in Instructure Canvas Learning Management Service 20200729 | Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains. | network / low complexity / instructure / CWE-918 / 5.0 |
| 2020-08-17 | CVE-2020-15152 | Server-Side Request Forgery (SSRF) vulnerability in Ftp-Srv Project Ftp-Srv | ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Request Forgery. | network / low complexity / ftp-srv-project / CWE-918 / 5.0 |
| 2020-08-17 | CVE-2020-8226 | Server-Side Request Forgery (SSRF) vulnerability in phpBB | A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed the remote image dimensions check to be used for SSRF. | network / low complexity / phpbb / CWE-918 / 5.0 |