SQL Server Reporting Services (SSRS) ViewState Deserialization
Posted on 13 March 2020
A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server.