Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.

**Description**

SuiteCRM has an Inbound Email Account Test Connection function which allows the adversary to perform a Server-Side Request Forgery (SSRF) attack. It doesn't verify or validate the provided URL/IP Address, allowing it to leak internal and fetch external service information regardless of the protocol.

**Proof of Concept**

    1. Login as a user > Browse Profile > Inbound Email Accounts > New Personal Inbound Email Account
    2. Enter the target host in the mail server address and the target port
    3. click TEST CONNECTION SETTINGS
    4. Observe the result with response error and timing
    
    

Localhost: POC and Payload

Internal Network: POC and Payload

External Network: POC and Payload

It also has been validated in the demo. Demo POC

**Impact**

It allows the adversary to perform reconnaissance and scanning of localhost, internal network host, and external host services without any restriction in the request, which could result in the following;

1.  Local/Remote/External Port Scan
2.  Interact with internal apps/services/network
3.  Remote Code Execution by chaining services on the internal network
4.  Server can be used as a proxy to attack other networks

CVE-2023-6124: Server-Side Request Forgery (SSRF) in suitecrm

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.



**Solution**

 Fixed

Update the WordPress PhonePe Payment Solutions plugin to the latest available version (at least 2.0.0).

Aman Rawat discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress PhonePe Payment Solutions Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 2.0.0.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-45835: WordPress PhonePe Payment Solutions plugin <= 1.0.15 - Server Side Request Forgery (SSRF) - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.



**Solution**

 Fixed

Update the WordPress WPGraphQL plugin to the latest available version (at least 1.14.6).

Ravi Dharmawan discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress WPGraphQL Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 1.14.6.

**Other vulnerabilities in this plugin**

 0 present

 3 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23684: WordPress WPGraphQL plugin <= 1.14.5 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.



**Solution**

 Fixed

Update the WordPress Shortcodes Ultimate plugin to the latest available version (at least 5.12.7).

Found this useful? Thank Rafie Muhammad (Patchstack) for reporting this vulnerability. Buy a coffee ☕

Rafie Muhammad (Patchstack) discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Shortcodes Ultimate Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 5.12.7.

**Other vulnerabilities in this plugin**

 0 present

 8 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23800: WordPress Shortcodes Ultimate plugin <= 5.12.6 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.



**Solution**

 Fixed

Update the WordPress PowerPress Podcasting plugin to the latest available version (at least 11.0.7).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress PowerPress Podcasting Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 11.0.7.

**Other vulnerabilities in this plugin**

 0 present

 10 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-41239: WordPress PowerPress Podcasting plugin by Blubrry plugin <= 11.0.6 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.



**Solution**

 Fixed

Update the WordPress Church Admin plugin to the latest available version (at least 3.8.0).

Yuchen Ji discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Church Admin Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 3.8.0.

**Other vulnerabilities in this plugin**

 0 present

 8 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-38515: WordPress Church Admin plugin <= 3.7.56 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11.



**Solution**

 Fixed

Update the WordPress HTTP Headers plugin to the latest available version (at least 1.19.0).

emad discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress HTTP Headers Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 1.19.0.

**Other vulnerabilities in this plugin**

 0 present

 4 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-37978: WordPress HTTP Headers plugin <= 1.18.11 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.



**Solution**

 Fixed

Update the WordPress Download Monitor plugin to the latest available version (at least 4.8.2).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Download Monitor Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 4.8.2.

**Other vulnerabilities in this plugin**

 0 present

 15 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-31219: WordPress Download Monitor plugin <= 4.8.1 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.



**Solution**

 Fixed

Update the WordPress Poll Maker plugin to the latest available version (at least 4.6.3).

Found this useful? Thank Abu Hurayra for reporting this vulnerability. Buy a coffee ☕

Abu Hurayra discovered and reported this Server Side Request Forgery (SSRF) vulnerability in WordPress Poll Maker Plugin. This could allow a malicious actor to cause a website to execute website requests to an arbitrary domain of the attacker. This could allow a malicious actor to find sensitive information of other services running on the system. This vulnerability has been fixed in version 4.6.3.

**Other vulnerabilities in this plugin**

 0 present

 6 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-34013: WordPress Poll Maker plugin <= 4.6.2 - Server Side Request Forgery (SSRF) vulnerability - Patchstack

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  267484.

**Security Bulletin**

  

**Summary**

IBM QRadar SIEM includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Additionally, a cross site scripting issue was found. These have been addressed in the update.

**Vulnerability Details**

**CVEID:**   CVE-2020-22218  
**DESCRIPTION:**   libssh2 is vulnerable to a denial of service, caused by an out-of-bounds read in the \_libssh2\_packet\_add function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266252 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2023-20593  
**DESCRIPTION:**   AMD Ryzen, Gen AMD EPYC Processors could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw in the vzeroupper instruction. By conducting a cache timing attack using a specially crafted application, an attacker could exploit this vulnerability to obtain sensitive data used by other processes, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core.  
CVSS Base score: 6.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/261343 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)

**CVEID:**   CVE-2023-35788  
**DESCRIPTION:**   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by an off-by-one flaw in the fl\_set\_geneve\_opt fucntion. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.  
CVSS Base score: 7.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/257458 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2022-44730  
**DESCRIPTION:**   Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially crafted SVG file, an attacker could exploit this vulnerability to conduct SSRF attack to probe user profile/data and send it directly as parameter to a URL.  
CVSS Base score: 5.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264130 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)

**CVEID:**   CVE-2022-44729  
**DESCRIPTION:**   Apache Batik is vulnerable to server-side request forgery, caused by improper input validation. By persuading a victim to open specially crafted SVG file, an attacker could exploit this vulnerability to conduct SSRF attack to cause resource consumption and obtain sensitive information.  
CVSS Base score: 7.1  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264129 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)

**CVEID:**   CVE-2023-20900  
**DESCRIPTION:**   VMware Tools could allow a remote attacker to bypass security restrictions, caused by improper SAML token signature verification. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to perform VMware Tools Guest Operations  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264792 for the current score.  
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2023-3341  
**DESCRIPTION:**   ISC BIND is vulnerable to a denial of service, caused by a stack exhaustion flaw in control channel code. By sending a specially crafted message over the control channel, a remote attacker could exploit this vulnerability to cause named to terminate.  
CVSS Base score: 7.5  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/266515 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

**CVEID:**   CVE-2023-3899  
**DESCRIPTION:**   Red Hat Enterprise Linux could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper authorization by the subscription-manager. By sending a specially crafted request through D-Bus interface com.redhat.RHSM1, an authenticated attacker could exploit this vulnerability to gain elevated privileges to an unconfined root.  
CVSS Base score: 7.8  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/264328 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

**CVEID:**   CVE-2023-43057  
**DESCRIPTION:**   IBM QRadar SIEM is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  
CVSS Base score: 4.6  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/267484 for the current score.  
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N)

**Affected Products and Versions**

**Affected Product(s)**

**Version(s)**

IBM QRadar SIEM

7.5 - 7.5.0 UP7

**Remediation/Fixes**

**IBM strongly encourages customers to update their systems promptly.**

**Product**

**Version**

**Remediation/First Fix**

IBM QRadar SIEM

7.5.0 

7.5.0 UP7 IF02

**Workarounds and Mitigations**

None

**References**

Off

**Acknowledgement**

**Change History**

10 Nov 2023: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. "Affected Products and Versions" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU059","label":"IBM Software w\\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":\[{"code":"PF016","label":"Linux"}\],"Version":"7.5.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}\]

Tag

#ssrf