Vulnerability Description
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file in the current BIRT viewer directory. Because that directory is served to remote clients, the attacker can then inject JSP code into the running instance.
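The record above gives the shape of the attack (JSP syntax carried in viewer query parameters, ending up as a .jsp file under the viewer directory) but not the parameter names. The following is an added example, not code from the CVE record or from Eclipse BIRT, showing two defensive checks a practitioner can run: one over web server access logs, flagging viewer requests whose decoded parameter values contain JSP syntax or that fetch a .jsp under the viewer path that is not in a known-good set, and one over a directory listing, reporting .jsp files absent from a baseline. The `/birt/` prefix, the parameter names and the log lines are constructed for illustration.

```python
"""Added example (not part of the CVE record or of Eclipse BIRT): defensive
checks for JSP code pushed through report viewer query parameters and for
unexpected .jsp files appearing in the viewer directory."""
import re
from urllib.parse import parse_qsl, urlsplit

# Markers of JSP scriptlet / expression / directive / action syntax.
JSP_MARKERS = ("<%", "%>", "<jsp:")

# Constructed sample access-log lines (combined-log style).  The viewer
# prefix and parameter names are hypothetical, chosen for illustration.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Dec/2022:10:00:01 +0000] "GET /birt/frameset?__report=sales.rptdesign&__format=html HTTP/1.1" 200 5120
10.0.0.9 - - [01/Dec/2022:10:00:07 +0000] "GET /birt/run?__report=x&__id=%3C%25+Runtime.getRuntime()%3B+%25%3E HTTP/1.1" 200 312
10.0.0.9 - - [01/Dec/2022:10:00:09 +0000] "GET /birt/report/x.jsp HTTP/1.1" 200 88
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(log_text, viewer_prefix="/birt/", known_jsp=frozenset()):
    """Return a list of {ip, target, reasons} for requests under viewer_prefix
    that carry JSP syntax in a decoded parameter value, or that request a
    .jsp path not in known_jsp (the JSPs legitimately shipped by the app)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip, do not crash
        target = m.group("target")
        parts = urlsplit(target)
        if not parts.path.startswith(viewer_prefix):
            continue
        reasons = []
        # parse_qsl percent-decodes values and turns '+' into spaces, so an
        # encoded "<%" ("%3C%25") is matched after decoding.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if any(marker in value for marker in JSP_MARKERS):
                reasons.append(f"JSP syntax in parameter {name!r}")
        # A GET for a .jsp under the viewer tree that is not a known page is
        # what a freshly dropped file looks like from the log side.
        if parts.path.lower().endswith(".jsp") and parts.path not in known_jsp:
            reasons.append("request for .jsp not in the known-good set")
        if reasons:
            hits.append({"ip": m.group("ip"), "target": target, "reasons": reasons})
    return hits


def unexpected_jsp_files(listing, baseline):
    """Given relative paths found under the viewer directory and a baseline
    taken from a clean install, return the .jsp files that are not in the
    baseline, sorted for stable reporting."""
    baseline = set(baseline)
    return sorted(p for p in listing if p.lower().endswith(".jsp") and p not in baseline)


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["ip"], hit["target"], "; ".join(hit["reasons"]))
    # Constructed listing: one file that a clean install does not contain.
    print(unexpected_jsp_files(["pages/a.jsp", "report/x.jsp"], {"pages/a.jsp"}))
```

The log check is only as good as the decoding it performs: a value that is double-encoded or split across several parameters will not match the markers, so treat a hit as high-confidence and a miss as no information. The directory check needs a baseline captured from a known-clean deployment of the same BIRT version.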
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Business Intelligence And Reporting Tools | <= 4.8.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/170326/Eclipse-Business-Intelligence-Report (Exploit, Third Party Advisory)
- http://seclists.org/fulldisclosure/2022/Dec/30 (Exploit, Mailing List, Third Party Advisory)
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142 (Exploit, Issue Tracking, Patch)
FAQ
What is CVE-2021-34427?
CVE-2021-34427 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file in the current BIRT viewer directory, which is accessible remotely, and so inject JSP code into the running instance.
How severe is CVE-2021-34427?
CVE-2021-34427 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-34427?
Check the references section above for vendor advisories and patch information; the Eclipse bug tracker entry (bug 538142) is the reference tagged as carrying the patch. Affected products include: Eclipse Business Intelligence And Reporting Tools, versions 4.8.0 and earlier.