Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-03 | CVE-2020-35667 | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Teamcity JetBrains TeamCity Plugin before 2020.2.85695 SSRF. | 7.5 |
| 2021-01-27 | CVE-2020-4787 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). | 2.3 |
| 2021-01-27 | CVE-2020-4786 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). | 4.3 |
| 2021-01-26 | CVE-2020-23776 | Server-Side Request Forgery (SSRF) vulnerability in Winmail Project Winmail 6.5 A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. | 7.5 |
| 2021-01-26 | CVE-2020-36200 | Server-Side Request Forgery (SSRF) vulnerability in Kaspersky Tinycheck TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs. | 6.5 |
| 2021-01-15 | CVE-2020-24641 | Server-Side Request Forgery (SSRF) vulnerability in Arubanetworks Airwave Glass In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. | 7.5 |
| 2021-01-12 | CVE-2021-23927 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy PUT request. | 6.4 |
| 2021-01-12 | CVE-2020-24700 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with an initial autoconfig. | 5.4 |
| 2021-01-11 | CVE-2020-35205 | Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. | 9.8 |
| 2020-12-30 | CVE-2020-28735 | Server-Side Request Forgery (SSRF) vulnerability in Plone Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | 8.8 |