ID

VAR-201101-0398


TITLE

SAP Crystal Reports Server Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-0357

DESCRIPTION

To successfully exploit this vulnerability, you need to verify the information legally. SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. A security vulnerability exists in SAP Crystal Reports Server that allows malicious users to obtain sensitive information and manipulate the database.

(1) ActiveX control (scriptinghelpers.dll) can use the unsafe "CreateTextFile()" method to overwrite existing files;
(2) ActiveX control (scriptinghelpers.dll) can use the unsafe "LaunchProgram()" method to execute arbitrary programs.
(3) ActiveX control (scriptinghelpers.dll) can use the unsafe "DeleteFile()" method to delete any program;
(4) ActiveX control (scriptinghelpers.dll) can use the unsafe "Kill()" method to end any process.

----------------------------------------------------------------------

TITLE: SAP Crystal Reports Server Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA43060

VERIFY ADVISORY: http://secunia.com/advisories/43060/

RELEASE DATE: 2011-01-26

DESCRIPTION: Dmitry Chastuhin has reported multiple vulnerabilities in SAP Crystal Reports Server 2008, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks, manipulate certain data, and compromise a user's system.

1) Input passed to the "actId" parameter in InfoViewApp/jsp/common/actionNav.jsp, "backUrl" parameter in InfoViewApp/jsp/common/error.jsp, and "logonAction" parameter in InfoViewApp/logon.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This can be exploited to display arbitrary files from local resources via directory traversal attacks.

SOLUTION: Apply patches (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Dmitry Chastuhin, Digital Security Research Group (DSecRG).

ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1458310
https://service.sap.com/sap/support/notes/1458309
https://service.sap.com/sap/support/notes/1476930
DSecRG:
http://dsecrg.com/pages/vul/show.php?id=301
http://dsecrg.com/pages/vul/show.php?id=302
http://dsecrg.com/pages/vul/show.php?id=303

Trust: 2.25

sources: CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356 // IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d // IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d // PACKETSTORM: 97876

IOT TAXONOMY

category: ['ICS']
sub_category: -

Trust: 2.4

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d // IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356

AFFECTED PRODUCTS

vendor: sap
model: crystal reports server
scope: eq
version: 2008

Trust: 2.4

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d // IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d // IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d

TYPE

Path traversal

Trust: 0.2

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d

PATCH

title: Patch for SAP Crystal Reports Server Cross-Site Scripting Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/2744

Trust: 0.6

title: Patch for SAP Crystal Reports Server Directory Traversal Vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/2742

Trust: 0.6

title: SAP Crystal Reports Server ActiveX Control uses patches for insecure method vulnerabilities
url: https://www.cnvd.org.cn/patchinfo/show/2743

Trust: 0.6

sources: CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356

EXTERNAL IDS

db: SECUNIA, id: 43060

Trust: 1.9

db: CNVD, id: CNVD-2011-0357

Trust: 0.8

db: CNVD, id: CNVD-2011-0356

Trust: 0.8

db: CNVD, id: CNVD-2011-0355

Trust: 0.8

db: IVD, id: DDAC33DA-1FA1-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: DF4A7846-1FA1-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: E08EF13C-1FA1-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: PACKETSTORM, id: 97876

Trust: 0.1

sources: IVD: ddac33da-1fa1-11e6-abef-000c29c66e3d // IVD: df4a7846-1fa1-11e6-abef-000c29c66e3d // IVD: e08ef13c-1fa1-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356 // PACKETSTORM: 97876

REFERENCES

url:http://secunia.com/advisories/43060/http

Trust: 1.8

url:http://dsecrg.com/pages/vul/show.php?id=301

Trust: 0.1

url:https://service.sap.com/sap/support/notes/1476930

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/43060/

Trust: 0.1

url:https://service.sap.com/sap/support/notes/1458309

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43060

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://service.sap.com/sap/support/notes/1458310

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/advisories/43060/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://dsecrg.com/pages/vul/show.php?id=303

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://dsecrg.com/pages/vul/show.php?id=302

Trust: 0.1

sources: CNVD: CNVD-2011-0355 // CNVD: CNVD-2011-0357 // CNVD: CNVD-2011-0356 // PACKETSTORM: 97876

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 97876

SOURCES

db: IVD, id: ddac33da-1fa1-11e6-abef-000c29c66e3d
db: IVD, id: df4a7846-1fa1-11e6-abef-000c29c66e3d
db: IVD, id: e08ef13c-1fa1-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-0355
db: CNVD, id: CNVD-2011-0357
db: CNVD, id: CNVD-2011-0356
db: PACKETSTORM, id: 97876

LAST UPDATE DATE

2022-05-17T02:08:18.923000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-0355, date: 2011-01-26T00:00:00
db: CNVD, id: CNVD-2011-0357, date: 2011-01-26T00:00:00
db: CNVD, id: CNVD-2011-0356, date: 2011-01-26T00:00:00

SOURCES RELEASE DATE

db: IVD, id: ddac33da-1fa1-11e6-abef-000c29c66e3d, date: 2011-01-26T00:00:00
db: IVD, id: df4a7846-1fa1-11e6-abef-000c29c66e3d, date: 2011-01-26T00:00:00
db: IVD, id: e08ef13c-1fa1-11e6-abef-000c29c66e3d, date: 2011-01-26T00:00:00
db: CNVD, id: CNVD-2011-0355, date: 2011-01-26T00:00:00
db: CNVD, id: CNVD-2011-0357, date: 2011-01-26T00:00:00
db: CNVD, id: CNVD-2011-0356, date: 2011-01-26T00:00:00
db: PACKETSTORM, id: 97876, date: 2011-01-26T01:25:31