CVE-2021-42777

Published: Oct 29, 2022Modified: May 7, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.

Affected (1)

Products: Stimulsoft: Reports

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Stimulsoft Reports	Version 2013.1.1600.0

Related CWEs

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (2)

http://burninatorsec.blogspot.com/2022/04/library-rce-object-chaining-cve-2021.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://burninatorsec.blogspot.com/2022/04/library-rce-object-chaining-cve-2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.