CVE-2004-0204

Business Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal

  • Severity Score: 7.5 (CVSS v2)

  • Public Exploits: 2 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2004-03-11 CVE Reserved
  • 2004-05-03 First Exploit
  • 2004-06-11 CVE Published
  • 2024-06-26 EPSS Updated
  • 2024-08-08 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
| --- | --- | --- | --- | --- |
| Bea | Weblogic Server | 8.1 | - | Affected |
| Bea | Weblogic Server | 8.1 | express | Affected |
| Bea | Weblogic Server | 8.1 | win32 | Affected |
| Bea | Weblogic Server | 8.1 | sp1 | Affected |
| Bea | Weblogic Server | 8.1 | sp1, express | Affected |
| Bea | Weblogic Server | 8.1 | sp1, win32 | Affected |
| Bea | Weblogic Server | 8.1 | sp2 | Affected |
| Bea | Weblogic Server | 8.1 | sp2, express | Affected |
| Bea | Weblogic Server | 8.1 | sp2, win32 | Affected |
| Borland Software | J Builder | * | - | Affected |
| Businessobjects | Crystal Enterprise | 9 | - | Affected |
| Businessobjects | Crystal Enterprise | 10 | - | Affected |
| Businessobjects | Crystal Enterprise Java Sdk | 8.5 | - | Affected |
| Businessobjects | Crystal Enterprise Ras | 8.5 | unix | Affected |
| Businessobjects | Crystal Reports | 9 | - | Affected |
| Businessobjects | Crystal Reports | 10 | - | Affected |
| Microsoft | Business Solutions Crm | 1.2 | - | Affected |
| Microsoft | Outlook | 2003 | business_contact_manager | Affected |
| Microsoft | Visual Studio .net | 2003 | gold | Affected |