• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-918

CVE-2021-39152

February 23, 2023 by

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream’s security framework with a whitelist limited to the minimal required types. If you rely on XStream’s default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18.

CVE-2021-39051

February 23, 2023 by

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.

CVE-2021-39057

February 23, 2023 by

IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 214616.

CVE-2021-37940

February 23, 2023 by

An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.

CVE-2021-37711

February 23, 2023 by

Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

CVE-2021-3758

February 23, 2023 by

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 59
  • Go to page 60
  • Go to page 61
  • Go to page 62
  • Go to page 63
  • Interim pages omitted …
  • Go to page 114
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE