PT-2022-11683 · Stimulsoft · Stimulsoft Reports

Burninator · Published 2022-10-29 · Updated 2022-11-01 · CVE-2021-42777

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0
Description

Stimulsoft report templates carry their own C# code (the report script and the expressions embedded in report components), and in Compilation mode that code is compiled and run inside the process that renders the report. An attacker who can supply or modify a report can therefore execute arbitrary C# code on any machine that renders it, including the application server or a user's local machine. This is demonstrated by calling System.Diagnostics.Process.Start from report code.
Recommendations

For Stimulsoft (aka Stimulsoft Reports) version 2013.1.1600.0, consider disabling Compilation mode (rendering reports in Interpretation mode instead) as a temporary workaround until a patch is available. Restrict access to sensitive reports and to the machines that render them to minimize the risk of exploitation. Avoid using System.Diagnostics.Process.Start in reports until the issue is resolved; note that this only covers reports you author yourself, so report files from untrusted sources should be treated as executable code and not rendered at all. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
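A pre-render gate for report files, as an added example that is not Stimulsoft's own code: it refuses to render a report that asks for Compilation mode or whose script or {...} expressions reach System.Diagnostics.Process.Start and a few similar APIs. The .mrt element names used here (Script, CalculationMode, Text) and both sample reports are assumptions constructed for this example; compare them with a report saved by your own Stimulsoft version before relying on the gate.

```python
"""Pre-render gate for Stimulsoft .mrt report files (added example, not Stimulsoft code).

Assumptions: the .mrt file is XML with a <Script> element holding the report's
C# class, a <CalculationMode> element (Compilation or Interpretation) and
{...} expressions inside component text such as <Text>. The two sample
reports at the bottom are constructed for this example.
"""
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Denylist of .NET APIs that let report code escape the rendering process.
# The rule set is this example's own choice, not a Stimulsoft setting.
DANGEROUS_PATTERNS = {
    "process-start": re.compile(r"\bProcess\s*\.\s*Start\s*\("),
    "process-type": re.compile(r"\bSystem\s*\.\s*Diagnostics\s*\.\s*Process\b"),
    "assembly-load": re.compile(r"\bAssembly\s*\.\s*Load(?:File|From)?\s*\("),
    "file-io": re.compile(r"\bSystem\s*\.\s*IO\s*\.\s*(?:File|Directory)\b"),
}

# {expression} inside component text; one level of braces is enough here.
EXPRESSION_RE = re.compile(r"\{([^{}]+)\}")


@dataclass(frozen=True)
class Finding:
    location: str   # "Script" or "<tag> expression"
    rule: str       # key of DANGEROUS_PATTERNS
    snippet: str    # start of the offending code


def _match(code: str, location: str) -> list[Finding]:
    return [Finding(location, rule, code.strip()[:80])
            for rule, rx in DANGEROUS_PATTERNS.items() if rx.search(code)]


def scan_report(mrt_xml: str) -> list[Finding]:
    """Return every denylisted API use in the report's script or {...} expressions."""
    root = ET.fromstring(mrt_xml)
    findings: list[Finding] = []
    for elem in root.iter():
        if elem.tag == "Script":
            # whole C# class: compiled and executed as-is in Compilation mode
            findings += _match(elem.text or "", "Script")
        elif elem.text:
            # {...} expressions in component text are evaluated as C# too
            for m in EXPRESSION_RE.finditer(elem.text):
                findings += _match(m.group(1), f"{elem.tag} expression")
    return findings


def requests_compilation(mrt_xml: str) -> bool:
    """True if the report asks for Compilation mode.
    Assumption: a missing <CalculationMode> means Compilation (the unsafe default)."""
    node = ET.fromstring(mrt_xml).find("CalculationMode")
    return node is None or (node.text or "").strip() == "Compilation"


def should_render(mrt_xml: str) -> tuple[bool, list[str]]:
    """Gate a report before handing it to the renderer."""
    reasons = [f"{f.location}: {f.rule} ({f.snippet})" for f in scan_report(mrt_xml)]
    if requests_compilation(mrt_xml):
        reasons.append("CalculationMode is Compilation; only Interpretation is allowed")
    return (not reasons, reasons)


# Constructed sample: a malicious report with Process.Start in both the script
# and a text component expression, requesting Compilation mode.
MALICIOUS_MRT = """<StiSerializer version="2013.1.1600" type="Net" application="StiReport">
  <CalculationMode>Compilation</CalculationMode>
  <Pages isList="true" count="1">
    <Page1 Ref="2" type="Page" isKey="true">
      <Components isList="true" count="1">
        <Text1 Ref="3" type="Text" isKey="true">
          <Text>{System.Diagnostics.Process.Start("calc.exe")}</Text>
        </Text1>
      </Components>
    </Page1>
  </Pages>
  <Script>using System;
using System.Diagnostics;
namespace Reports {
  public class Report : Stimulsoft.Report.StiReport {
    public void Text1__GetValue(object sender, EventArgs e) { Process.Start("cmd.exe", "/c whoami"); }
  }
}</Script>
  <ScriptLanguage>CSharp</ScriptLanguage>
</StiSerializer>"""

# Constructed sample: a benign, interpreted report with an ordinary data expression.
CLEAN_MRT = """<StiSerializer version="2013.1.1600" type="Net" application="StiReport">
  <CalculationMode>Interpretation</CalculationMode>
  <Pages isList="true" count="1">
    <Page1 Ref="2" type="Page" isKey="true">
      <Components isList="true" count="1">
        <Text1 Ref="3" type="Text" isKey="true"><Text>{Customers.CompanyName}</Text></Text1>
      </Components>
    </Page1>
  </Pages>
  <Script>namespace Reports { public class Report : Stimulsoft.Report.StiReport { } }</Script>
  <ScriptLanguage>CSharp</ScriptLanguage>
</StiSerializer>"""

if __name__ == "__main__":
    for name, mrt in (("malicious", MALICIOUS_MRT), ("clean", CLEAN_MRT)):
        ok, reasons = should_render(mrt)
        print(f"{name}: {'render' if ok else 'reject'}")
        for r in reasons:
            print("  -", r)
```

Such a gate is a stopgap rather than a fix: a denylist can be sidestepped with reflection or string concatenation inside the report code, so the durable control is to treat report files as executable code and render only reports that come from a trusted, write-protected location.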

Exploit

No public exploit is listed in this entry.

Weakness Enumeration

Generation of Error Message Containing Sensitive Information (CWE-209)

Related Identifiers

CVE-2021-42777

Affected Products

Stimulsoft Reports