com.bstek.ureport:ureport2-core

Maven4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting com.bstek.ureport:ureport2-corepage 1 of 1

CVE-2020-21125CRITICALCVSS 9.8EG 9.8
2021-09-15
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVE-2023-24187HIGHCVSS 7.8EG 7.8
2023-02-14
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVE-2023-24188CRITICALCVSS 9.1EG 9.1
2023-02-13
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVE-2023-48848HIGHCVSS 7.5EG 7.5
2023-11-28
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

Check whether com.bstek.ureport:ureport2-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for com.bstek.ureport:ureport2-core CVEs against the assets you own.

Start Free Scan →