CVE-2024-49822

MEDIUM Year: 2024
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-918
View all →

Vulnerability Description

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

Related Vulnerabilities

CVE-2018-13404

MEDIUM
CVSS:4.1(Medium)

The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9....

CWE-9182018

CVE-2019-6512

MEDIUM
CVSS:4.1(Medium)

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF netwo...

CWE-9182019

CVE-2024-56275

MEDIUM
CVSS:4.1(Medium)

Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14.

CWE-9182024

CVE-2025-27907

MEDIUM
CVSS:4.1(Medium)

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially le...

CWE-9182025

CVE-2025-32358

MEDIUM
CVSS:4.1(Medium)

In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint retur...

CWE-9182025

CVE-2024-39338

MEDIUM
CVSS:4.0(Medium)

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

CWE-9182024