Vulnerabilities > CVE-2022-25767 - Deserialization of Untrusted Data vulnerability in Ureport2 Project Ureport2

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ureport2-project

CWE-502

critical

NVD

Published: 2022-05-01

Updated: 2022-05-11

Summary

All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.

Vulnerable Configurations

Part	Description	Count
Application	Ureport2_Project Ureport2 Project Ureport2 *	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://github.com/JinYiTong/CVE-Req/blob/main/ureport2/ureport2-console.md
https://snyk.io/vuln/SNYK-JAVA-COMBSTEKUREPORT-2322018