TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2020-15865

CRITICAL
9.8

Beschreibung

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/18/2020
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

stimulsoft:reports

Schwachen (CWE)

CWE-94

Referenzen

http://burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html(cve@mitre.org)
http://burninatorsec.blogspot.com/2018/11/reporting-c-serialization-remote-code.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.