CVE-2024-11618

MEDIUM Year: 2024
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-918
View all →

Vulnerability Description

A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2018-15657

HIGH
CVSS:7.3(High)

An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.

CWE-9182018

CVE-2018-7516

HIGH
CVSS:7.3(High)

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network scan...

CWE-9182018

CVE-2019-18379

HIGH
CVSS:7.3(High)

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backen...

CWE-9182019

CVE-2020-15822

HIGH
CVSS:7.3(High)

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

CWE-9182020

CVE-2020-4529

HIGH
CVSS:7.3(High)

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially lea...

CWE-9182020

CVE-2024-1233

HIGH
CVSS:7.3(High)

A flaw was found in` JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed...

CWE-9182024