Ureport@2.2.9 Security Vulnerabilities and Issues — Ureport@2.2.9 CVE List

Lucene search

Ureport ProjectUreport2.2.9

6 matches found

CVE•added 2021/09/15 5:15 p.m.•61 views

CVE-2020-21122

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

5.3CVSS5.2AI score0.00227EPSS

CVE•added 2023/02/14 2:15 a.m.•61 views

CVE-2023-24187

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.

7.8CVSS7.8AI score0.00043EPSS

CVE•added 2021/09/15 5:15 p.m.•60 views

CVE-2020-21125

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.

9.8CVSS9.6AI score0.00853EPSS

CVE•added 2023/02/13 8:15 p.m.•50 views

CVE-2023-24188

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.

9.1CVSS9.2AI score0.00244EPSS

CVE•added 2023/11/28 5:15 p.m.•39 views

CVE-2023-48848

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

7.5CVSS7.3AI score0.0009EPSS

CVE•added 2021/09/15 5:15 p.m.•31 views

CVE-2020-21124

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.

9.8CVSS9.7AI score0.00743EPSS