CVE-2021-42777

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.

Published: Oct 29, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-42777
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-209

OWASP TOP 10:

A6 - Security Misconfiguration

Affected Software
References

Software	From	Fixed in
stimulsoft / reports	2013.1.1600.0	2013.1.1600.0.x

http://burninatorsec.blogspot.com/2022/04/library-rce-object-chaining-cve-2021.html

Vulnerability Database

289,697

CVE-2021-42777