Monday, September 27, 2021

Server-Side Request Forgery (SSRF) - com.bstek.ureport:ureport2-console [0,]

Overview

UReport2 (com.bstek.ureport:ureport2-console) is a high-performance pure-Java report engine based on the Spring architecture, in which complex Chinese-style statements and reports can be prepared by iterating over cells.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) in the designer page. It allows attackers to probe ports on intranet devices.

Remediation

There is no fixed version for com.bstek.ureport:ureport2-console.


Copyright © 2021 Vulnerability Database | Cyber Details™
