Headline
CVE-2021-34427
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file that is remotely accessible (in the current BIRT viewer directory) and so inject JSP code into the running instance.
Related news
Eclipse Business Intelligence Reporting Tool 4.11.0 Remote Code Execution
Eclipse Business Intelligence Reporting Tool versions 4.11.0 and below suffer from a bypass vulnerability that allows for remote code execution.