CVE-2024-31215

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8.

Related Vulnerabilities

CVE-2017-7553

MEDIUM
CVSS:6.3(Medium)

The external_request api call in App Studio (millicore) allows server side request forgery (SSRF). An attacker could use this flaw to probe the network internal resources, and access restricted endpoi...

CWE-9182017

CVE-2020-11980

MEDIUM
CVSS:6.3(Medium)

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there f...

CWE-9182020

CVE-2020-4294

MEDIUM
CVSS:6.3(Medium)

IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to ne...

CWE-9182020

CVE-2020-4974

MEDIUM
CVSS:6.3(Medium)

IBM Jazz Foundation products are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to networ...

CWE-9182020

CVE-2020-8555

MEDIUM
CVSS:6.3(Medium)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certa...

CWE-9182020

CVE-2021-3758

MEDIUM
CVSS:6.3(Medium)

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

CWE-9182021