ID
VAR-201101-0444
TITLE
SAP Crystal Reports Server Multiple Vulnerabilities
Trust: 0.3
DESCRIPTION
SAP Crystal Reports Server is prone to multiple cross-site scripting vulnerabilities and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. The cross-site scripting issues can be exploited to execute script code in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. The directory-traversal issue can be exploited to disclose the contents of arbitrary files. SAP Crystal Reports Server 2008 is vulnerable.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | sap | model: | crystal reports server | scope: | eq | version: | 20080 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 45980 | Trust: 0.3 |
REFERENCES
| url: | http://dsecrg.com/pages/vul/show.php?id=301 | Trust: 0.3 |
| url: | http://dsecrg.com/pages/vul/show.php?id=303 | Trust: 0.3 |
| url: | http://www.sap.com/solutions/sapbusinessobjects/sme/reporting/crystalreportsserver/index.epx | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/1458310 | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/1476930 | Trust: 0.3 |
CREDITS
Dmitry Chastuhin
Trust: 0.3
SOURCES
| db: | BID | id: | 45980 |
LAST UPDATE DATE
2022-05-17T01:46:46.029000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 45980 | date: | 2011-01-14T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 45980 | date: | 2011-01-14T00:00:00 |