Server-Side Request Forgery (SSRF) vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-12-12 | CVE-2017-16678 | Server-Side Request Forgery (SSRF) vulnerability in SAP products | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application. | network | low | sap | CWE-918 | 4.7 |
| 2017-12-11 | CVE-2017-15943 | Server-Side Request Forgery (SSRF) vulnerability in Palo Alto Networks PAN-OS | The configuration file import for applications, spyware and vulnerability objects functionality in the web interface in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, and 7.1.x before 7.1.14 allows remote attackers to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities. | network | low | paloaltonetworks | CWE-918 | 5.3 |
| 2017-12-09 | CVE-2017-11291 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Connect | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. | network | low | adobe | CWE-918 | 10.0 (critical) |
| 2017-11-27 | CVE-2017-14585 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server | A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | network | low | atlassian | CWE-918 | 7.2 |
| 2017-11-17 | CVE-2017-4928 | Server-Side Request Forgery (SSRF) vulnerability in VMware vCenter Server 5.5/6.0 | The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior to 5.5 U3f) i.e. | network | low | vmware | CWE-918 | 7.5 |
| 2017-11-17 | CVE-2017-16870 | Server-Side Request Forgery (SSRF) vulnerability in UpdraftPlus | The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. | network | high | updraftplus | CWE-918 | 8.1 |
| 2017-11-17 | CVE-2017-1000237 | Server-Side Request Forgery (SSRF) vulnerability in I-Librarian I Librarian | I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in the ajaxsupplement.php resulting in the attacker being able to reset any user's password. | network | low | i-librarian | CWE-918 | 9.8 (critical) |
| 2017-11-13 | CVE-2017-0907 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client .NET | The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources. | network | low | recurly | CWE-918 | 9.8 (critical) |
| 2017-11-13 | CVE-2017-0906 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Python | The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources. | network | low | recurly | CWE-918 | 9.8 (critical) |
| 2017-11-13 | CVE-2017-0905 | Server-Side Request Forgery (SSRF) vulnerability in Recurly Client Ruby | The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, 2.4.11, 2.5.4, 2.6.3, 2.7.8, 2.8.2, 2.9.2, 2.10.4, 2.11.3 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource#find" method that could result in compromise of API keys or other critical resources. | network | low | recurly | CWE-918 | 9.8 (critical) |