CVE-2024-22219

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution (RCE), or performing Server-Side Request Forgery (SSRF) attacks.

Related Vulnerabilities

CVE-2017-7553

MEDIUM
CVSS:6.3(Medium)

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoi...

CWE-9182017

CVE-2020-11980

MEDIUM
CVSS:6.3(Medium)

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there f...

CWE-9182020

CVE-2020-4294

MEDIUM
CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne...

CWE-9182020

CVE-2020-4974

MEDIUM
CVSS:6.3(Medium)

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...

CWE-9182020

CVE-2020-8555

MEDIUM
CVSS:6.3(Medium)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certa...

CWE-9182020

CVE-2021-3758

MEDIUM
CVSS:6.3(Medium)

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021