CVE-2022-39055 MEDIUM

CVE-2022-39055: Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF)

Vendor Changing Information Technology Inc.
Product RAVA certificate validation system
Weakness CWE-918 · SSRF
Published October 18, 2022
Last update May 9, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

RAVA certificate validation system has inadequate filtering for URL parameter. An unauthenticated remote attacker can perform SSRF attack to discover internal network topology base on query response.

Key dates

02Disclosure timeline

October 18, 2022 CVE published
May 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-29226 Apache OFBiz: Low-Privilege SSRF in Content Component CVE-2023-38515 WordPress Church Admin Plugin <= 3.7.56 is vulnerable to Server Side Request Forgery (SSRF) CVE-2026-7158 dmitryglhf mcp-url-downloader server.py _validate_url_safe server-side request forgery CVE-2026-5803 bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality