Skip to main content

Ureport

3 CVEs product

Monthly

CVE-2023-48848 Maven HIGH This Week

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ureport
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24187 Maven HIGH POC This Week

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Ureport
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-24188 Maven CRITICAL POC Act Now

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ureport
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.5%
EPSS 1% CVSS 7.5
HIGH This Week

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ureport
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Ureport
NVD GitHub VulDB
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ureport
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy