How severe is CVE-2023-22817?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-22817?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2023-22817 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing DNS addresses that refer to loopback. This issue affects My Cloud OS 5 devices before 5.27.161, My Cloud Home, My Cloud Home Duo and SanDisk ibi devices before 9.5.1-104.

Related Vulnerabilities

CVE-2016-3718

MEDIUM

CVSS:5.5(Medium)

The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.

CWE-9182016

CVE-2019-20872

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.

CWE-9182019

CVE-2020-14327

MEDIUM

CVSS:5.5(Medium)

A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2. Functionality on the Tower server is abused by supplying a URL that could lead to the se...

CWE-9182020

CVE-2020-27018

MEDIUM

CVSS:5.5(Medium)

Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to a server side request forgery vulnerability which could allow an authenticated attacker to abuse the product's w...

CWE-9182020

CVE-2022-24871

MEDIUM

CVSS:5.5(Medium)

Shopware is an open commerce platform based on Symfony Framework and Vue. In affected versions an attacker can abuse the Admin SDK functionality on the server to read or update internal resources. Use...

CWE-9182022

CVE-2022-25876

MEDIUM

CVSS:5.5(Medium)

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due...

CWE-9182022