CVE-2021-36483

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
devexpressdevexpress
𝑥
≤ 21.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/tree-chtsec/27013ed6cb297b24e44f6359439b678e
https://supportcenter.devexpress.com/ticket/details/t1031535/reporting-unsafe-data-type-deserialization
https://supportcenter.devexpress.com/ticket/details/t708194/net-web-controls-unsafe-data-type-deserialization
https://supportcenter.devexpress.com/ticket/details/t714296/net-desktop-controls-unsafe-data-type-deserialization
https://www.chtsecurity.com/news/a01d1bc6-19c8-4187-b343-6bc685efe64f
https://www.zerodayinitiative.com/advisories/ZDI-22-341/
https://gist.github.com/tree-chtsec/27013ed6cb297b24e44f6359439b678e
https://supportcenter.devexpress.com/ticket/details/t1031535/reporting-unsafe-data-type-deserialization
https://supportcenter.devexpress.com/ticket/details/t708194/net-web-controls-unsafe-data-type-deserialization
https://supportcenter.devexpress.com/ticket/details/t714296/net-desktop-controls-unsafe-data-type-deserialization
https://www.chtsecurity.com/news/a01d1bc6-19c8-4187-b343-6bc685efe64f
https://www.zerodayinitiative.com/advisories/ZDI-22-341/