In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
CPE | Name | Operator | Version |
---|---|---|---|
business_intelligence_and_reporting_tools | le | 4.8.0 |