Eclipse Business Intelligence And Reporting Tools vulnerabilities
3 known vulnerabilities affecting eclipse/business_intelligence_and_reporting_tools.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-34427P1CRITICALCVSS 9.8ExploitedPoC≤ 4.8.02021-06-25
CVE-2021-34427 [CRITICAL] CWE-20 CVE-2021-34427: In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP fil
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
nvd
CVE-2023-0100P3HIGHCVSS 8.8≥ 2.6.2, < 4.13.02023-03-15
CVE-2023-0100 [HIGH] CWE-20 CVE-2023-0100: In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host h
nvd
CVE-2019-11776P4MEDIUMCVSS 6.1≥ 1.0.0, ≤ 4.7.02019-08-09
CVE-2019-11776 [MEDIUM] CWE-79 CVE-2019-11776: In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attack
In Eclipse BIRT versions 1.0 to 4.7, the Report Viewer allows Reflected XSS in URL parameter. Attacker can execute the payload in victim's browser context.
nvd