Devexpress : Security Vulnerabilities, CVEs, (Code Execution)

CVE-2022-28684

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710.
Max CVSS
8.8
EPSS Score
1.93%
Published
2022-08-03
Updated
2022-08-10

CVE-2021-36483

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
Max CVSS
8.8
EPSS Score
1.50%
Published
2021-08-04
Updated
2022-02-22
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close