Maven package
com.bstek.ureport/ureport2-console
pkg:maven/com.bstek.ureport/ureport2-console
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-25767 | — | <= 2.2.9 | — | May 1, 2022 | All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. | ||
| CVE-2020-21122 | — | <= 2.2.9 | — | Sep 15, 2021 | UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. |
- CVE-2022-25767May 1, 2022affected <= 2.2.9
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
- CVE-2020-21122Sep 15, 2021affected <= 2.2.9
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.