Yonyou Yonbip
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Yonyou Yonbip.
By the Year
In 2026 there have been 0 vulnerabilities in Yonyou Yonbip. Last year, in 2025 Yonbip had 1 security vulnerability published. Right now, Yonbip is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 4.30 |
| 2024 | 6 | 9.42 |
It may take a day or so for new Yonbip vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Yonyou Yonbip Security Vulnerabilities
Yonyou YonBIP MA2.7 Path Traversal via FileInputStream
CVE-2025-3562
4.3 - Medium
- April 14, 2025
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Directory traversal
YonBIP 3.23.05 Arbitrary File Upload (ArcpUploadAction)
CVE-2023-51925
9.8 - Critical
- January 20, 2024
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
Unrestricted File Upload
Arbitrary File Upload in YonBIP v3.23.05 via IResourceManager
CVE-2023-51924
9.8 - Critical
- January 20, 2024
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
Unrestricted File Upload
Remote Code Execution YonBIP v3_23.05 ServiceDispatcherServlet (IResourceManager)
CVE-2023-51906
9.8 - Critical
- January 20, 2024
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.
YonBIP v3.23.05: Arbitrary File Upload in ArcpUploadAction Allows RCE
CVE-2023-51928
9.8 - Critical
- January 20, 2024
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file.
Unrestricted File Upload
SQL Injection in YonBIP v3.23.05 AttendScriptController.runScript() (Java)
CVE-2023-51927
9.8 - Critical
- January 20, 2024
YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method.
SQL Injection
YonBIP v3.23.05 CommonServletDispatcher: Arbitrary File Read
CVE-2023-51926
7.5 - High
- January 20, 2024
YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Yonyou Yonbip or by Yonyou? Click the Watch button to subscribe.
