CVE-2021-42777

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:stimulsoft:reports:2013.1.1600.0:*:*:*:*:*:*:*

History

01 Nov 2022, 18:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-209
References (MISC) http://burninatorsec.blogspot.com/2022/04/library-rce-object-chaining-cve-2021.html - (MISC) http://burninatorsec.blogspot.com/2022/04/library-rce-object-chaining-cve-2021.html - Exploit, Third Party Advisory
CPE cpe:2.3:a:stimulsoft:reports:2013.1.1600.0:*:*:*:*:*:*:*

29 Oct 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-29 17:15

Updated : 2024-02-04 22:51


NVD link : CVE-2021-42777

Mitre link : CVE-2021-42777

CVE.ORG link : CVE-2021-42777


JSON object : View

Products Affected

stimulsoft

  • reports
CWE
CWE-209

Generation of Error Message Containing Sensitive Information