CVE-2021-34427

Summary

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse BIRTunspecified <= 4.8.0affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References