CVE-2021-34427

Source
https://cve.org/CVERecord?id=CVE-2021-34427
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34427.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-34427
Published
2021-06-25T19:15:09.880Z
Modified
2026-04-10T04:34:34.874056Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file that is remotely accessible (in the current BIRT viewer directory), injecting JSP code into the running instance.

References

Affected packages

Git / github.com/eclipse/birt

Affected ranges

Type
GIT
Repo
https://github.com/eclipse/birt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.8.0"
        }
    ]
}

Affected versions

Other
BIRT_2_0_Release_20060123
BIRT_3_7_1_RC1_201108161621
BIRT_3_7_1_RC2_201108292127
BIRT_3_7_1_RC3_201109051820
BIRT_3_7_1_Release_201109131734
BIRT_3_7_2_RC1_201201171144
BIRT_3_7_2_Release_201202141408
BIRT_4_3_0_Release_201306131152
BIRT_4_3_1_RC2_201309031312
BIRT_4_3_1_RC3_201309092207
BIRT_4_3_1_Release_201309181142
BIRT_4_3_2_Release_201402191316
BIRT_4_4_0_RC1_201405211030
BIRT_4_4_0_RC2_201405281057
BIRT_4_4_0_Release_201406111043
BIRT_4_5_0_RC4_201506092134
BIRT_4_5_0_Release_201506092134
BIRT_4_5_1_Release_201506092134
BIRT_4_6_0_Release_201606072112
BIRT_4_8_0_Release_201806261756
v200705101451
v20110803
v20110815
v20110905
v201110281843
v20120117
v20120213
v201208211204
v201208231223
v201208291456
v201208291607
v201208301143
v201209041636
v201209060505
v201209060743
v201209061114
v201209061119
v201209071804
v201209081329
v201209101219
v201209101448
v201209101614
v201209101712
v201209111026
v201209111701
v201209121047
v201209121203
v201209121206
v201209121213
v201210311502
v201211070211
v201211121517
v201211201109
v201211211442
v201211261349
v201212061403
v201212061546
v201212131704
v201212171552
v201212191626
v201212201125
v201212211615
v201212241449
v201212271608
v201301041109
v201301041534
v201301051556
v201301071801
v201301091119
v201301091129
v201301101706
v201301141601
v201301151528
v201301151658
v201301161630
v201301161710
v201301181657
v201301211803
v201301221637
v201302221451
v201302281614
v201303041525
v201303111125
v201303121119
v201303270223
v201303271507
v201303281546
v201304031124
v201304091549
v201305221129
v201305241042
v201305290957
v201305291155
v201305291555
v201305311832
v201306031409
v201306031803
v201308301349
v201309021618
v201309021722
v201309031220
v201309031242
v201309081955
v201309091742
v201309131458
v201309161141
v201309171028
v201309222030
v201310240236
v20140211-1400
v201402141300
v201402232139
v201403071303
v201403101002
v201403101018
v201403111256
v201405161656
v201405191524
v201411051741
v201411061701
v201411071527
v201411071655
v201411141154
v201411141524
v201411141525
v201411181632
v201411181634
v201411211514
v201412081016
v201412081440
v201412151637
v201412161149
v201412161714
v201412171515
v201412171534
v201501061718
v201501081716
v201501221215
v201502041715
v201502091702
v201504141336
v201504231733
v201504240905
v201504271033
v201505050958
v201505051415
v201505061331
v201505061401

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-34427.json"