Every CVE whose affected-product data names Ctrip Apollo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2019-10686 — CVSS 10.0 (critical): An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port scan or…
CVE-2020-15170 — CVSS 7.0 (high): apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internet(which is not…