Lucene search
Veracode Vulnerability DatabaseVERACODE:39789HistoryMar 16, 2023 - 1:50 a.m.
Remote Code Execution (RCE)
2023-03-1601:50:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
org.eclipse.birt.report.viewer
remote code execution
vulnerability
0.001 Low
EPSS
Percentile
26.3%
org.eclipse.birt.report.viewer is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to ParameterAccessor.java because it does not properly check the origin of a Report Design file when the default configurations are used, allowing an attacker to inject and execute malicious JavaScript through the absolute HTTP path for the report parameter such as __report=http://xyz.com/report.rptdesign.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.eclipse.birt.report.viewer | eq | 4.9.0 | |
| org.eclipse.birt.report.viewer | eq | 4.9.0 |
Related
redhatcve
redhatcve
CVE-2023-0100
2023-03-16 06:13:04
nessus
nessus
RHEL 6 : eclipse-birt (Unpatched Vulnerability)
2024-05-11 00:00:00
prion
prion
Design/Logic Flaw
2023-03-15 15:15:00
osv
osv
CVE-2023-0100
2023-03-15 15:15:09
Improper Input Validation In Eclipse BIRT
2023-03-15 15:30:22
nvd
nvd
CVE-2023-0100
2023-03-15 15:15:09
cve
cve
CVE-2023-0100
2023-03-15 15:15:09
cvelist
cvelist
CVE-2023-0100
2023-03-15 00:00:00
github
github
Improper Input Validation In Eclipse BIRT
2023-03-15 15:30:22