Aggregates CVE and security vulnerability intelligence across all ureport_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk path handling and vendor risk xxe and related problems; some flaws may lead to vendor impact file overwrite, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-48848 | An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. | [email protected] | 7.5 | 0.95% | 2023-11-28 | 2024-11-21 |
| CVE-2023-24187 | An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | [email protected] | 7.8 | 0.92% | 2023-02-14 | 2025-03-20 |
| CVE-2023-24188 | ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted. | [email protected] | 9.1 | 1.46% | 2023-02-13 | 2025-03-21 |
| CVE-2020-21125 | An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | [email protected] | 9.8 | 1.72% | 2021-09-15 | 2024-11-21 |
| CVE-2020-21124 | UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page. | [email protected] | 9.8 | 2.11% | 2021-09-15 | 2024-11-21 |
| CVE-2020-21122 | UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. | [email protected] | 5.3 | 0.82% | 2021-09-15 | 2024-11-21 |