cbcvebase.

Stimulsoft Designer vulnerabilities

4 known vulnerabilities affecting stimulsoft/designer.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2023-25261P2CRITICALCVSS 9.8v2023.1v2023.1.3+1 more2023-03-27
CVE-2023-25261 [CRITICAL] CWE-94 CVE-2023-25261: Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Des Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories
nvd
CVE-2023-25262P3HIGHCVSS 7.5v2023.1.3v2023.1.42023-03-28
CVE-2023-25262 [HIGH] CWE-918 CVE-2023-25262: Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSR Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes out
nvd
CVE-2023-25260P3HIGHCVSS 7.5v2023.1.3v2023.1.42023-03-28
CVE-2023-25260 [HIGH] CWE-552 CVE-2023-25260: Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.
nvd
CVE-2023-25263P4MEDIUMCVSS 5.5v2023.1.4v2023.1.52023-03-27
CVE-2023-25263 [MEDIUM] CWE-312 CVE-2023-25263: In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft. In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.
nvd
Stimulsoft Designer vulnerabilities | cvebase