Maven package
com.bstek.ureport/ureport2-core
pkg:maven/com.bstek.ureport/ureport2-core
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-48848 | — | <= 2.2.9 | — | Nov 28, 2023 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | ||
| CVE-2023-24187 | — | <= 2.2.9 | — | Feb 14, 2023 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | ||
| CVE-2023-24188 | — | <= 2.2.9 | — | Feb 13, 2023 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | ||
| CVE-2020-21125 | — | <= 2.2.9 | — | Sep 15, 2021 | An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. |
- CVE-2023-48848Nov 28, 2023affected <= 2.2.9
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
- CVE-2023-24187Feb 14, 2023affected <= 2.2.9
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
- CVE-2023-24188Feb 13, 2023affected <= 2.2.9
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
- CVE-2020-21125Sep 15, 2021affected <= 2.2.9
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.