Description
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.
References
- Product
- Broken Link
- Exploit, Third Party Advisory
- Product
- Broken Link
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
Any of
cpe:2.3:a:stimulsoft:designer:2023.1.4:*:*:*:desktop:*:*:*
cpe:2.3:a:stimulsoft:designer:2023.1.4:*:*:*:web:*:*:*
cpe:2.3:a:stimulsoft:designer:2023.1.5:*:*:*:desktop:*:*:*
cpe:2.3:a:stimulsoft:designer:2023.1.5:*:*:*:web:*:*:*
EPSS
Percentile: 9%
0.00032
Low
5.5 Medium
CVSS3
Weaknesses
CWE-312
Related vulnerabilities
CVSS3: 5.5
github
almost 3 years ago
In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.