Lucene search

[email protected]CVE-2020-15865

HistoryAug 18, 2020 - 9:15 p.m.

CVE-2020-15865

2020-08-1821:15:12

CWE-94

[email protected]

web.nvd.nist.gov

stimulsoft

remote code execution

vulnerability

cve-2020-15865

nvd

security

base64

xml

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

87.0%

JSON

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.

Affected configurations

NVD

Node

stimulsoftreportsMatch2013.1.1600.0

CPENameOperatorVersion
stimulsoft:reportsstimulsoft reportseq2013.1.1600.0

CPE	Name	Operator	Version
stimulsoft:reports	stimulsoft reports	eq	2013.1.1600.0

References

burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.015 Low

EPSS

Percentile

87.0%

JSON

Related for CVE-2020-15865

cvelist1 prion1 nvd1