UReport2 Security Vulnerability

UReport2 is a high-performance pure Java reporting engine based on Spring architecture . A security vulnerability exists in UReport2 2.2.9 and earlier versions, which stems from an arbitrary file write vulnerability in the saveReportFile method. An attacker can use this vulnerability through a...

CVE-2022-25767

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

CVE-2022-25767

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets...

com.gccloud:gc-starter-plugins-report-controller (>=1.0.0 <=2.2.2.RELEASE), com.gccloud:gc-starter-plugins-report-server (>=1.0.0 <=1.2.4.2024062001.RELEASE) +11 more potentially affected by CVE-2022-25767 via com.bstek.ureport:ureport2-console (>=2.0.0 <=2.2.9)

com.bstek.ureport:ureport2-console MAVEN version =2.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.5.1, =1.5.1, =0.0.1, =1.1.0, =3.0.4-RELEASE, =2.0, =2.8.0, =4.2.0, =4.10.0 Source cves: CVE-2022-25767 Source advisory: SNYK:JAVA-COMBSTEKUREPORT-2322018...