CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-6219
https://notcve.org/view.php?id=CVE-2020-6219
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data. SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versiones 4.1, 4.2 y Crystal Reports para VS versión 2010, permite a un atacante con autorización básica llevar a cabo ataques de deserialización en la aplicación, conllevando a interrupciones del servicio y una denegación de servicio y a una ejecución no autorizada de comandos arbitrarios, conllevando a la deserialización de datos no confiables. • https://launchpad.support.sap.com/#/notes/2863731 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6208 – SAP Crystal Reports RPT File Parsing Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-6208
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. SAP Business Objects Business Intelligence Platform (Crystal Reports), versiones 4.1, 4.2, permite a un atacante con autorización básica inyectar código que puede ser ejecutado por la aplicación y así, permitir al atacante controlar el comportamiento de la aplicación, conllevando a una Ejecución de Código Remota. Aunque el modo de ataque es solo Local, múltiples aplicaciones pueden estar impactadas como un resultado de la vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP Crystal Reports. • https://launchpad.support.sap.com/#/notes/2861301 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 https://www.zerodayinitiative.com/advisories/ZDI-20-291 • CWE-416: Use After Free •