CVE-2021-34427: eclipse-birt: an attacker can use query parameters to create a JSP file and inject JSP code into the running instance

Severity: Critical

CVSS Score: 9.8

In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query parameters to create a JSP file in a remotely accessible location (the current BIRT viewer directory) and thereby inject JSP code into the running instance.