Vulnerabilities > Yonyou

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-20	CVE-2023-51906	Unspecified vulnerability in Yonyou Yonbip 323.05 An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. network low complexity yonyou critical	9.8
2024-01-20	CVE-2023-51924	Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. network low complexity yonyou CWE-434 critical	9.8
2024-01-20	CVE-2023-51925	Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. network low complexity yonyou CWE-434 critical	9.8
2024-01-20	CVE-2023-51926	Unspecified vulnerability in Yonyou Yonbip 323.05 YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. network low complexity yonyou	7.5
2024-01-20	CVE-2023-51927	SQL Injection vulnerability in Yonyou Yonbip 323.05 YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. network low complexity yonyou CWE-89 critical	9.8
2024-01-20	CVE-2023-51928	Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. network low complexity yonyou CWE-434 critical	9.8
2023-09-05	CVE-2023-4748	Path Traversal vulnerability in Yonyou Ufida-Nc A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807. network low complexity yonyou CWE-22	7.5
2022-03-25	CVE-2022-26263	Cross-site Scripting vulnerability in Yonyou U8+ 13.0 Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp. network yonyou CWE-79	4.3
2021-10-29	CVE-2021-41746	SQL Injection vulnerability in Yonyou Turbocrm SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. network low complexity yonyou CWE-89	5.0
2021-10-22	CVE-2021-41744	Command Injection vulnerability in Yonyou Ufida Product Lifecycle Management All versions of yongyou PLM are affected by a command injection issue. network low complexity yonyou CWE-77	7.5

Vulnerabilities > Yonyou {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Yonyou"}]}

Vulnerabilities > Yonyou