Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-24 | CVE-2021-3553 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. | 7.5 |
2021-11-24 | CVE-2021-43780 | Server-Side Request Forgery (SSRF) vulnerability in Redash Redash is a package for data visualization and sharing. | 8.8 |
2021-11-22 | CVE-2021-23718 | Server-Side Request Forgery (SSRF) vulnerability in Ssrf-Agent Project Ssrf-Agent The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. | 7.5 |
2021-11-19 | CVE-2021-22969 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebind attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N. | 5.3 |
2021-11-19 | CVE-2021-22970 | Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. | 7.5 |
2021-11-12 | CVE-2021-39303 | Server-Side Request Forgery (SSRF) vulnerability in Jamf The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. | 9.8 |
2021-11-10 | CVE-2021-43562 | Server-Side Request Forgery (SSRF) vulnerability in Pixxio Pixx.Io An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. | 8.8 |
2021-11-04 | CVE-2021-43293 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). | 4.3 |
2021-11-02 | CVE-2021-29738 | Server-Side Request Forgery (SSRF) vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-side request forgery (SSRF). | 5.4 |
2021-10-27 | CVE-2021-29844 | Server-Side Request Forgery (SSRF) vulnerability in IBM products IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). | 8.8 |