UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.004

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.001

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.
CVSS: 9.1 | AI Score: 9.2 | EPSS: 0.001

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVSS: 7.5 | AI Score: 7.3 | EPSS: 0.001