CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6219
https://notcve.org/view.php?id=CVE-2020-6219
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versiones 4.1, 4.2 y Crystal Reports para VS versión 2010, permite a un atacante con autorización básica llevar a cabo ataques de deserialización en la aplicación, conllevando a interrupciones del servicio y una denegación de servicio y a una ejecución no autorizada de comandos arbitrarios, conllevando a la deserialización de datos no confiables. • https://launchpad.support.sap.com/#/notes/2863731 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6208 – SAP Crystal Reports RPT File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-6208
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. SAP Business Objects Business Intelligence Platform (Crystal Reports), versiones 4.1, 4.2, permite a un atacante con autorización básica inyectar código que puede ser ejecutado por la aplicación y así, permitir al atacante controlar el comportamiento de la aplicación, conllevando a una Ejecución de Código Remota. Aunque el modo de ataque es solo Local, múltiples aplicaciones pueden estar impactadas como un resultado de la vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP Crystal Reports. • https://launchpad.support.sap.com/#/notes/2861301 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 https://www.zerodayinitiative.com/advisories/ZDI-20-291 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2019-0285 – SAP Crystal Reports - Information Disclosure
https://notcve.org/view.php?id=CVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. El .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (corregido en la versión 2010) revela información confidencial de la base de datos, incluidas las credenciales, que el atacante puede utilizar incorrectamente. SAP Crystal Reports suffers from an information disclosure vulnerability. • https://www.exploit-db.com/exploits/47061 http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html https://launchpad.support.sap.com/#/notes/2687663 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-2427
https://notcve.org/view.php?id=CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. SAP BusinessObjects Business Intelligence Suite, en versiones 4.10 y 4.20, y SAP Crystal Reports (versión para Visual Studio .NET, Version 2010) permite que un atacante inyecte código que puede ser ejecutado por la aplicación. Un atacante podría, por lo tanto, controlar el comportamiento de la aplicación. • http://www.securityfocus.com/bid/104715 https://launchpad.support.sap.com/#/notes/2620738 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2406
https://notcve.org/view.php?id=CVE-2018-2406
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. Vulnerabilidad de ruta de búsqueda de windows sin entrecomillar (salto de directorio/ruta) en la ruta de inicio en Crystal Reports Server OEM Edition (CRSE), en versiones 4.0, 4.10, 4.20 y 4.30. • http://www.securityfocus.com/bid/103719 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2560132 • CWE-428: Unquoted Search Path or Element •