com.bstek.ureport:ureport2-console
Maven2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.bstek.ureport:ureport2-console
- CVE-2020-21122 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-09-15
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
- CVE-2022-25767 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-05-01
vulnerable: 2.0.0 ... 2.2.9 (26 versions)
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.