Vulnerabilities > Server-Side Request Forgery (SSRF)

DATE CVE VULNERABILITY TITLE RISK
2021-11-24 CVE-2021-22049 Server-Side Request Forgery (SSRF) vulnerability in VMware vCenter Server 6.5/6.7/7.0
The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in the vSAN Web Client (vSAN UI) plug-in.
network
low complexity
vmware CWE-918
7.5
2021-11-24 CVE-2021-3552 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server.
network
low complexity
bitdefender CWE-918
5.0
2021-11-24 CVE-2021-3553 Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Endpoint Security Tools and Gravityzone
A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host.
network
low complexity
bitdefender CWE-918
5.0
2021-11-24 CVE-2021-43780 Server-Side Request Forgery (SSRF) vulnerability in Redash
Redash is a package for data visualization and sharing.
network
redash CWE-918
6.0
2021-11-22 CVE-2021-23718 Server-Side Request Forgery (SSRF) vulnerability in Ssrf-Agent Project Ssrf-Agent
Versions of the package ssrf-agent before 1.0.5 are vulnerable to Server-Side Request Forgery (SSRF) via the defaultIpChecker function.
network
low complexity
ssrf-agent-project CWE-918
5.0
2021-11-19 CVE-2021-22969 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions below 8.5.7 have an SSRF mitigation bypass using a DNS rebind attack, giving an attacker the ability to fetch cloud IaaS (e.g. AWS) IAM keys. To fix this, Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS. Discoverer: Adrian Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/). The Concrete CMS team gave this a CVSS 3.1 score of 3.5, AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N.
network
low complexity
concretecms CWE-918
5.0
2021-11-19 CVE-2021-22970 Server-Side Request Forgery (SSRF) vulnerability in Concretecms Concrete CMS
Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa.
network
low complexity
concretecms CWE-918
5.0
2021-11-12 CVE-2021-39303 Server-Side Request Forgery (SSRF) vulnerability in Jamf
The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352.
network
low complexity
jamf CWE-918
7.5
2021-11-10 CVE-2021-43562 Server-Side Request Forgery (SSRF) vulnerability in Pixxio Pixx.Io
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3.
network
low complexity
pixxio CWE-918
6.5
2021-11-04 CVE-2021-43293 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF).
network
low complexity
sonatype CWE-918
4.0