module
SQL Server Reporting Services (SSRS) ViewState Deserialization
| Disclosed |
|---|
| Feb 11, 2020 |
Disclosed
Feb 11, 2020
Description
A vulnerability exists within Microsoft's SQL Server Reporting Services
which can allow an attacker to craft an HTTP POST request with a
serialized object to achieve remote code execution. The vulnerability is
due to the fact that the serialized blob is not signed by the server.
which can allow an attacker to craft an HTTP POST request with a
serialized object to achieve remote code execution. The vulnerability is
due to the fact that the serialized blob is not signed by the server.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.