Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-11-22 CVE-2021-23718 Server-Side Request Forgery (SSRF) vulnerability in Ssrf-Agent Project Ssrf-Agent
The package ssrf-agent before 1.0.5 is vulnerable to Server-Side Request Forgery (SSRF) via the defaultIpChecker function.
network
low complexity
ssrf-agent-project CWE-918
5.0
2021-11-19 CVE-2021-22969 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebind attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N.
network
low complexity
concretecms CWE-918
5.0
2021-11-19 CVE-2021-22970 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa.
network
low complexity
concretecms CWE-918
5.0
2021-11-12 CVE-2021-41259 Server-Side Request Forgery (SSRF) vulnerability in Nim-Lang NIM
Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance.
network
low complexity
nim-lang CWE-918
7.5
2021-11-10 CVE-2021-43562 Server-Side Request Forgery (SSRF) vulnerability in Pixxio Pixx.Io
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3.
network
low complexity
pixxio CWE-918
6.5
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.0
2021-11-02 CVE-2021-29738 Server-Side Request Forgery (SSRF) vulnerability in IBM Infosphere Information Server 11.7
IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
5.5
2021-10-27 CVE-2021-29844 Server-Side Request Forgery (SSRF) vulnerability in IBM products
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
6.5
2021-10-21 CVE-2021-35512 Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Applications Manager 15.2
An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.
network
low complexity
zohocorp CWE-918
6.4
2021-10-21 CVE-2021-41792 Server-Side Request Forgery (SSRF) vulnerability in Alfresco products
An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3.
network
low complexity
alfresco CWE-918
5.0