CVE-2021-21009

HIGH Year: 2021
CVSS v3 Score
8.6
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Adobe Campaign Classic Gold Standard 10 (and earlier), 20.3.1 (and earlier), 20.2.3 (and earlier), 20.1.3 (and earlier), 19.2.3 (and earlier) and 19.1.7 (and earlier) are affected by a server-side request forgery (SSRF) vulnerability. Successful exploitation could allow an attacker to use the Campaign instance to issue unauthorized requests to internal or external resources.

Related Vulnerabilities

CVE-2016-4029

HIGH
CVSS:8.6(High)

WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via ...

CWE-9182016

CVE-2016-6483

HIGH
CVSS:8.6(High)

The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5....

CWE-9182016

CVE-2016-6621

HIGH
CVSS:8.6(High)

The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

CWE-9182016

CVE-2016-7964

HIGH
CVSS:8.6(High)

The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This a...

CWE-9182016

CVE-2016-9752

HIGH
CVSS:8.6(High)

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

CWE-9182016

CVE-2017-15644

HIGH
CVSS:8.6(High)

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.

CWE-9182017