VYPR

Maven package

com.bstek.ureport/ureport2-console

pkg:maven/com.bstek.ureport/ureport2-console

Vulnerabilities (2)

  • CVE-2022-25767May 1, 2022
    affected <= 2.2.9

    All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.

  • CVE-2020-21122Sep 15, 2021
    affected <= 2.2.9

    UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.