Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-08 | CVE-2020-5014 | Server-Side Request Forgery (SSRF) vulnerability in IBM Datapower Gateway: IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side request forgery attack. | 6.7 |
2021-03-02 | CVE-2020-12529 | Server-Side Request Forgery (SSRF) vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24: An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an SSRF in the LDAP access check, allowing an attacker to scan for open ports. | 5.3 |
2021-02-26 | CVE-2021-23345 | Server-Side Request Forgery (SSRF) vulnerability in Thecodingmachine Gotenberg: All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as `<iframe src='file:///etc/passwd'>`. | 5.3 |
2021-02-25 | CVE-2020-23534 | Server-Side Request Forgery (SSRF) vulnerability in Masterlab 2.1.5: A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter. | 9.8 |
2021-02-25 | CVE-2021-27670 | Server-Side Request Forgery (SSRF) vulnerability in Appspace 6.2.4: Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. | 9.8 |
2021-02-24 | CVE-2020-11988 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. | 8.2 |
2021-02-24 | CVE-2020-11987 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. | 8.2 |
2021-02-24 | CVE-2021-21973 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Cloud Foundation and Vcenter Server: The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. | 5.3 |
2021-02-23 | CVE-2020-8902 | Server-Side Request Forgery (SSRF) vulnerability in Google Rendertron: Rendertron versions prior to 3.0.0 are susceptible to a Server-Side Request Forgery (SSRF) attack. | 4.3 |
2021-02-22 | CVE-2020-36232 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Atlassian-Gadgets: The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services, as it incorrectly obtained application base URL information from the executing HTTP request, which could be attacker controlled. | 5.0 |