CVE-2022-29840

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server.This issue affects My Cloud OS 5 devices before 5.26.202.

Related Vulnerabilities

CVE-2016-3718

MEDIUM
CVSS:5.5(Medium)

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CWE-9182016

CVE-2019-20872

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

CWE-9182019

CVE-2020-14327

MEDIUM
CVSS:5.5(Medium)

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the se...

CWE-9182020

CVE-2020-27018

MEDIUM
CVSS:5.5(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's w...

CWE-9182020

CVE-2022-24871

MEDIUM
CVSS:5.5(Medium)

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Use...

CWE-9182022

CVE-2022-25876

MEDIUM
CVSS:5.5(Medium)

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due...

CWE-9182022