Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap crystal reports - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-0018
Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these rep...
Sap Businessobjects Business Intelligence Platform 420
Sap Businessobjects Business Intelligence Platform 430
5
CVSSv2
CVE-2021-40500
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated malicious user to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploita...
Sap Businessobjects Business Intelligence Platform 4.20
Sap Businessobjects Business Intelligence Platform 4.30
6.5
CVSSv2
CVE-2020-6219
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and ...
Sap Businessobjects Business Intelligence Platform 4.1
Sap Businessobjects Business Intelligence Platform 4.2
Sap Crystal Reports For Visual Studio 2010
1 Article
4.4
CVSSv2
CVE-2020-6208
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the malicious user to control the behaviour of the application, leading ...
Sap Crystal Reports 4.1
Sap Crystal Reports 4.2
5
CVSSv2
CVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
Sap Crystal Reports 2010
1 EDB exploit
6.5
CVSSv2
CVE-2018-2427
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an malicious user to inject code that can be executed by the application. An attacker could thereby control the behaviour of the ...
Sap Crystal Reports -
Sap Businessobjects Business Intelligence 4.20
Sap Businessobjects Business Intelligence 4.10
4.6
CVSSv2
CVE-2018-2406
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
Sap Crystal Reports Server 4.10
Sap Crystal Reports Server 4.20
Sap Crystal Reports Server 4.30
Sap Crystal Reports Server 4.0
6.8
CVSSv2
CVE-2014-5505
Stack-based buffer overflow in SAP Crystal Reports allows remote malicious users to execute arbitrary code via a crafted data source string in an RPT file.
Sap Crystal Reports -
6.8
CVSSv2
CVE-2014-5506
Double free vulnerability in SAP Crystal Reports allows remote malicious users to execute arbitrary code via crafted connection string record in an RPT file.
Sap Crystal Reports -
4.3
CVSSv2
CVE-2011-4805
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote malicious users to inject arbitrary web script or HTML via the service parameter.
Sap Crystal Reports Server 2008
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »