Skip to main content

Business Intelligence And Reporting Tools

3 CVEs product

Monthly

CVE-2023-0100 Maven HIGH PATCH This Week

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Business Intelligence And Reporting Tools
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-34427 CRITICAL POC THREAT Act Now

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Business Intelligence And Reporting Tools
NVD
CVSS 3.1
9.8
EPSS
57.7%
CVE-2019-11776 MEDIUM POC This Month

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Intelligence And Reporting Tools
NVD
CVSS 3.1
6.1
EPSS
0.9%
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure +1
NVD
EPSS 58% CVSS 9.8
CRITICAL POC THREAT Act Now

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Business Intelligence And Reporting Tools
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Business Intelligence And Reporting Tools
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy