CVE-2019-20474

MEDIUM Year: 2019
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.447. The service to test the mail-server configuration suffers from an authorization issue allowing a user with the Guest role (read-only access) to use and abuse it. One of the abuses allows performing network and port scan operations of the localhost or the hosts on the same network segment, aka SSRF.

Related Vulnerabilities

CVE-2017-15029

MEDIUM
CVSS:4.3(Medium)

Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

CWE-9182017

CVE-2017-18036

MEDIUM
CVSS:4.3(Medium)

The Github repository importer in Atlassian Bitbucket Server before version 5.3.0 allows remote attackers to determine if a service they could not otherwise reach has open ports via a Server Side Requ...

CWE-9182017

CVE-2018-1000185

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET...

CWE-9182018

CVE-2018-17450

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integra...

CWE-9182018

CVE-2018-1999039

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an att...

CWE-9182018

CVE-2019-1003020

MEDIUM
CVSS:4.3(Medium)

A server-side request forgery vulnerability exists in Jenkins Kanboard Plugin 1.5.10 and earlier in KanboardGlobalConfiguration.java that allows attackers with Overall/Read permission to submit a GET ...

CWE-9182019