Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-28155 | Server-Side Request Forgery (SSRF) vulnerability in Request Project Request ** UNSUPPORTED WHEN ASSIGNED ** The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). | 6.1 |
| 2023-03-14 | CVE-2023-27271 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 In SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability. | 7.5 |
| 2023-03-14 | CVE-2023-27896 | Server-Side Request Forgery (SSRF) vulnerability in SAP Businessobjects Business Intelligence 420/430 In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability. | 7.5 |
| 2023-03-14 | CVE-2023-26459 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Abap Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability. | 7.4 |
| 2023-03-10 | CVE-2023-27161 | Server-Side Request Forgery (SSRF) vulnerability in Jellyfin Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. | 7.5 |
| 2023-03-07 | CVE-2023-25230 | Server-Side Request Forgery (SSRF) vulnerability in Loonflow Project Loonflow R2.0.14 loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). | 4.9 |
| 2023-03-06 | CVE-2021-36396 | Server-Side Request Forgery (SSRF) vulnerability in Moodle In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 7.5 |
| 2023-03-03 | CVE-2022-46973 | Server-Side Request Forgery (SSRF) vulnerability in Anji-Plus Report 0.9.8.6 Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | 9.8 |
| 2023-03-03 | CVE-2023-26492 | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 7.5 |
| 2023-03-03 | CVE-2023-20062 | Server-Side Request Forgery (SSRF) vulnerability in Cisco products Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. | 4.3 |