Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-11 | CVE-2018-18569 | Server-Side Request Forgery (SSRF) vulnerability in Dundas BI 5.0.1.1010 The Dundas BI server before 5.0.1.1010 is vulnerable to a Server-Side Request Forgery attack, allowing an attacker to forge arbitrary requests (with certain restrictions) that will be executed on behalf of the attacker, via the viewUrl parameter of the "export the dashboard as an image" feature. | 8.6 |
| 2019-02-07 | CVE-2019-1679 | Server-Side Request Forgery (SSRF) vulnerability in Cisco Telepresence Video Communication Server A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. | 5.0 |
| 2019-02-06 | CVE-2019-1003020 | Server-Side Request Forgery (SSRF) vulnerability in Jenkins Kanboard A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET request to an attacker-specified URL. | 4.3 |
| 2019-02-05 | CVE-2018-15657 | Server-Side Request Forgery (SSRF) vulnerability in 42Gears Suremdm 6.31/6.34/6.35 An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. | 7.3 |
| 2019-01-31 | CVE-2018-15517 | Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03 The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. | 8.6 |
| 2019-01-31 | CVE-2018-15516 | Server-Side Request Forgery (SSRF) vulnerability in Dlink Central Wifimanager 1.03 The FTP service on D-Link Central WiFiManager CWM-100 1.03 r0098 devices allows remote attackers to conduct a PORT command bounce scan via port 8000, resulting in SSRF. | 5.8 |
| 2019-01-30 | CVE-2018-12609 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Server-Side Request Forgery. | 6.5 |
| 2019-01-14 | CVE-2019-6257 | Server-Side Request Forgery (SSRF) vulnerability in Std42 Elfinder A Server Side Request Forgery (SSRF) vulnerability in elFinder before 2.1.46 could allow a malicious user to access the content of internal network resources. | 7.7 |
| 2019-01-09 | CVE-2018-1000422 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Crowd2 An improper authorization vulnerability exists in Jenkins Crowd 2 Integration Plugin 2.0.0 and earlier in CrowdSecurityRealm.java that allows attackers to have Jenkins perform a connection test, connecting to an attacker-specified server with attacker-specified credentials and connection settings. | 6.5 |
| 2019-01-09 | CVE-2018-1000421 | Server-Side Request Forgery (SSRF) vulnerability in Apache Mesos An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and earlier in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |