CVE-2020-5412

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-441
View all →

Vulnerability Description

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

Related Vulnerabilities

CVE-2019-3996

MEDIUM
CVSS:6.5(Medium)

ELOG 3.1.4-57bea22 and below can be used as an HTTP GET request proxy when unauthenticated remote attackers send crafted HTTP POST requests.

CWE-4412019

CVE-2018-12182

MEDIUM
CVSS:6.7(Medium)

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local acces...

CWE-4412018

CVE-2018-16598

MEDIUM
CVSS:5.9(Medium)

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUD...

CWE-4412018

CVE-2020-26262

HIGH
CVSS:7.2(High)

Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of `127.x...

CWE-4412020

CVE-2025-25061

MEDIUM
CVSS:5.8(Medium)

Unintended proxy or intermediary ('Confused Deputy') issue exists in HMI ViewJet C-more series and HMI GC-A2 series, which may allow a remote unauthenticated attacker to use the product as an intermed...

CWE-4412025

CVE-2019-3924

HIGH
CVSS:7.5(High)

MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A...

CWE-4412019