CVE-2021-36483: DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability
First published: Wed Aug 04 2021(Updated: )
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openMairie Openpresse | <=21.1 | |
| openMairie Openpresse |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.zerodayinitiative.com/advisories/ZDI-22-341/
- https://gist.github.com/tree-chtsec/27013ed6cb297b24e44f6359439b678e
- https://supportcenter.devexpress.com/ticket/details/t1031535/reporting-unsafe-data-type-deserialization
- https://supportcenter.devexpress.com/ticket/details/t708194/net-web-controls-unsafe-data-type-deserialization
- https://supportcenter.devexpress.com/ticket/details/t714296/net-desktop-controls-unsafe-data-type-deserialization
- https://www.chtsecurity.com/news/a01d1bc6-19c8-4187-b343-6bc685efe64f
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-22-341
- alias/ZDI-CAN-14619
- alias/CVE-2021-36483
- agent/software-canonical-lookup
- vendor/devexpress
- canonical/openmairie openpresse
- version/openmairie openpresse/21.1