Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-22 | CVE-2021-23718 | Server-Side Request Forgery (SSRF) vulnerability in Ssrf-Agent Project Ssrf-Agent The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. | 5.0 |
| 2021-11-19 | CVE-2021-22969 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N . | 5.0 |
| 2021-11-19 | CVE-2021-22970 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. | 5.0 |
| 2021-11-12 | CVE-2021-41259 | Server-Side Request Forgery (SSRF) vulnerability in Nim-Lang NIM Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. | 7.5 |
| 2021-11-10 | CVE-2021-43562 | Server-Side Request Forgery (SSRF) vulnerability in Pixxio Pixx.Io An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. | 6.5 |
| 2021-11-04 | CVE-2021-43293 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | 4.0 |
| 2021-11-02 | CVE-2021-29738 | Server-Side Request Forgery (SSRF) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). | 5.5 |
| 2021-10-27 | CVE-2021-29844 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). | 6.5 |
| 2021-10-21 | CVE-2021-35512 | Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Applications Manager 15.2 An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. | 6.4 |
| 2021-10-21 | CVE-2021-41792 | Server-Side Request Forgery (SSRF) vulnerability in Alfresco products An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. | 5.0 |