CVE-2021-34427
CRITICAL EXPLOITED NUCLEIEclipse Business Intelligence And Rep... - Improper Input Validation
Title source: ruleDescription
In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file which is accessible from remote (current BIRT viewer dir) to inject JSP code into the running instance.
Nuclei Templates (1)
Eclipse BIRT Viewer - Remote Code Execution
CRITICALVERIFIEDby us3r777,Synacktiv
Shodan:
http.title:"eclipse birt home"
References (3)
Scores
CVSS v3
9.8
EPSS
0.6082
EPSS Percentile
98.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2025-12-16
CWE
CWE-434
CWE-20
Status
published
Products (1)
eclipse/business_intelligence_and_reporting_tools
< 4.8.0
Published
Jun 25, 2021
Tracked Since
Feb 18, 2026