CVE-2023-26459

HIGH Year: 2023
CVSS v3 Score
7.4
High
Weakness Type
CWE-918
View all →

Vulnerability Description

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.

Related Vulnerabilities

CVE-2016-7999

HIGH
CVSS:7.4(High)

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

CWE-9182016

CVE-2016-9417

HIGH
CVSS:7.4(High)

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecifi...

CWE-9182016

CVE-2017-5518

HIGH
CVSS:7.4(High)

The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.

CWE-9182017

CVE-2017-5617

HIGH
CVSS:7.4(High)

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CWE-9182017

CVE-2017-5643

HIGH
CVSS:7.4(High)

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

CWE-9182017

CVE-2017-6130

HIGH
CVSS:7.4(High)

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature feature plus SNAT ...

CWE-9182017