CVE-2021-34427 vulnerability in Eclipse Products
Published on June 25, 2021
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2021-34427
stack.watch emails you whenever new vulnerabilities are published in Eclipse Birt or Eclipse Business Intelligence Reporting Tools. Just hit a watch button to start following.
Affected Versions
The Eclipse Foundation Eclipse BIRT:- Version unspecified, <= 4.8.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.