Skip to main content

Crystal Reports

5 CVEs product

Monthly

CVE-2020-6208 HIGH This Week

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

SAP Use After Free Memory Corruption RCE Crystal Reports
NVD
CVSS 3.1
8.2
EPSS
1.1%
CVE-2019-0285 CRITICAL POC Act Now

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SAP Crystal Reports
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.6%
CVE-2018-2427 HIGH PATCH This Week

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE SAP Businessobjects Business Intelligence Crystal Reports
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2014-5506 MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2014-5505 MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow Crystal Reports
NVD
CVSS 2.0
6.8
EPSS
6.5%
EPSS 1% CVSS 8.2
HIGH This Week

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

SAP Use After Free Memory Corruption +2
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SAP Crystal Reports
NVD Exploit-DB
EPSS 2% CVSS 8.8
HIGH PATCH This Week

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE SAP +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Crystal Reports
NVD
EPSS 7% CVSS 6.8
MEDIUM This Month

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE SAP Buffer Overflow +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy