Vulnerabilities > Yonyou > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-20 | CVE-2023-51906 | Unspecified vulnerability in Yonyou Yonbip 323.05 An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 9.8 |
| 2024-01-20 | CVE-2023-51924 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
| 2024-01-20 | CVE-2023-51925 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
| 2024-01-20 | CVE-2023-51927 | SQL Injection vulnerability in Yonyou Yonbip 323.05 YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 9.8 |
| 2024-01-20 | CVE-2023-51928 | Unrestricted Upload of File with Dangerous Type vulnerability in Yonyou Yonbip 323.05 An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 |
| 2021-10-22 | CVE-2021-41744 | Command Injection vulnerability in Yonyou Ufida Product Lifecycle Management All versions of yongyou PLM are affected by a command injection issue. | 9.8 |