QID 980850

QID 980850: Java (maven) Security Update for com.bstek.ureport:ureport2-console (GHSA-6q3p-36f4-cwxv)

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

  • CVSS V3 rated as Medium - 5.3 severity.
  • CVSS V2 rated as Medium - 5 severity.
  • Solution
    Customers are advised to refer to GHSA-6q3p-36f4-cwxv for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 980850

    Software Advisories
    Advisory ID Software Component Link
    GHSA-6q3p-36f4-cwxv com.bstek.ureport:ureport2-console URL Logo github.com/advisories/GHSA-6q3p-36f4-cwxv