CVE-2020-21122
Server-Side Request Forgery in UReport
EPSS 0.23%
Description
UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) vulnerability in the designer page, which allows attackers to detect intranet device ports.
How to fix CVE-2020-21122
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Maven/com.bstek.ureport:ureport2-console (no fix listed)
Is CVE-2020-21122 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Maven/com.bstek.ureport:ureport2-console, versions from 0, <= 2.2.9