Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-05 | CVE-2020-8555 | Server-Side Request Forgery (SSRF) vulnerability in multiple products. The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | 6.3 |
2020-06-03 | CVE-2020-13379 | Server-Side Request Forgery (SSRF) vulnerability in multiple products. The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. | 8.2 |
2020-06-01 | CVE-2014-8943 | Server-Side Request Forgery (SSRF) vulnerability in Piwigo Lexiglot. Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter. | 8.8 |
2020-05-20 | CVE-2020-13226 | Server-Side Request Forgery (SSRF) vulnerability in Wso2 API Manager 3.0.0. WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. | 9.8 |
2020-05-14 | CVE-2020-4365 | Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. | 4.3 |
2020-05-05 | CVE-2020-8830 | Server-Side Request Forgery (SSRF) vulnerability in Commscope Ruckus Zoneflex R500 Firmware. CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | 8.8 |
2020-04-28 | CVE-2020-5562 | Server-Side Request Forgery (SSRF) vulnerability in Cybozu Garoon. Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | 4.9 |
2020-04-17 | CVE-2020-11885 | Server-Side Request Forgery (SSRF) vulnerability in Wso2 Enterprise Integrator. WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. | 7.2 |
2020-04-15 | CVE-2020-4294 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager. IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). | 6.3 |
2020-04-08 | CVE-2020-10980 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab. GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | 9.8 |