- Description
- In Stimulsoft Designer (Desktop) 2023.1.5 and 2023.1.4, once an attacker decompiles Stimulsoft.report.dll, the attacker is able to decrypt any connection string stored in .mrt files, since a static secret is used. The secret does not differ between the tested versions and different operating systems.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-312
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:stimulsoft:designer:2023.1.4:*:*:*:desktop:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9E87AC3-EDEA-405B-9837-E72E152AAD22"
          },
          {
            "criteria": "cpe:2.3:a:stimulsoft:designer:2023.1.4:*:*:*:web:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4481FACF-9808-45D8-A888-4625AE2CCB4E"
          },
          {
            "criteria": "cpe:2.3:a:stimulsoft:designer:2023.1.5:*:*:*:desktop:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51B83B01-2BE1-46B9-AE72-80A09FADD589"
          },
          {
            "criteria": "cpe:2.3:a:stimulsoft:designer:2023.1.5:*:*:*:web:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3171A392-E37D-4800-A358-56291DF7590B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]