Details of VAR-201804-1135

ID

VAR-201804-1135

CVE

CVE-2018-2406

TITLE

SAP Crystal Report Server Vulnerabilities related to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2018-004337

DESCRIPTION

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. SAP Crystal Report Server Contains vulnerabilities related to unquoted search paths or elements.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SAP Crystal Reports Server is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges. Crystal Reports Server 4.0, 4.10, 4.20, and 4.30 are vulnerable

Trust: 1.89

sources: NVD: CVE-2018-2406 // JVNDB: JVNDB-2018-004337 // BID: 103719

AFFECTED PRODUCTS

vendor:	sap	model:	crystal reports server	scope:	eq	version:	4.30	Trust: 1.9
vendor:	sap	model:	crystal reports server	scope:	eq	version:	4.20	Trust: 1.9
vendor:	sap	model:	crystal reports server	scope:	eq	version:	4.10	Trust: 1.9
vendor:	sap	model:	crystal reports server	scope:	eq	version:	4.0	Trust: 1.9
vendor:	sap	model:	crystal report server	scope:	eq	version:	oem edition (crse) 4.0	Trust: 0.8
vendor:	sap	model:	crystal report server	scope:	eq	version:	oem edition (crse) 4.10	Trust: 0.8
vendor:	sap	model:	crystal report server	scope:	eq	version:	oem edition (crse) 4.20	Trust: 0.8
vendor:	sap	model:	crystal report server	scope:	eq	version:	oem edition (crse) 4.30	Trust: 0.8

sources: BID: 103719 // JVNDB: JVNDB-2018-004337 // CNNVD: CNNVD-201804-472 // NVD: CVE-2018-2406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-2406
value:	MEDIUM
Trust: 1.0
cna@sap.com:	CVE-2018-2406
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-2406
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201804-472
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2018-2406
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2018-2406
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	1.8
impactScore:	3.4
version:	3.0
Trust: 2.8

sources: JVNDB: JVNDB-2018-004337 // CNNVD: CNNVD-201804-472 // NVD: CVE-2018-2406 // NVD: CVE-2018-2406

PROBLEMTYPE DATA

problemtype:

CWE-428

Trust: 1.8

sources: JVNDB: JVNDB-2018-004337 // NVD: CVE-2018-2406

THREAT TYPE

local

Trust: 0.9

sources: BID: 103719 // CNNVD: CNNVD-201804-472

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201804-472

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004337

PATCH

title:	April 2018 (2560132)	url:	https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/	Trust: 0.8
title:	SAP Crystal Reports Server OEM Edition Repair measures for path traversal vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83263	Trust: 0.6

sources: JVNDB: JVNDB-2018-004337 // CNNVD: CNNVD-201804-472

EXTERNAL IDS

db:	NVD	id:	CVE-2018-2406	Trust: 2.7
db:	BID	id:	103719	Trust: 2.7
db:	JVNDB	id:	JVNDB-2018-004337	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-472	Trust: 0.6

sources: BID: 103719 // JVNDB: JVNDB-2018-004337 // CNNVD: CNNVD-201804-472 // NVD: CVE-2018-2406

REFERENCES

url:	https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/	Trust: 1.9
url:	https://launchpad.support.sap.com/#/notes/2560132	Trust: 1.6
url:	http://www.securityfocus.com/bid/103719	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-2406	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-2406	Trust: 0.8
url:	https://www.securityfocus.com/bid/103719/info	Trust: 0.8
url:	http://www.sap.com	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/2560132	Trust: 0.3

sources: BID: 103719 // JVNDB: JVNDB-2018-004337 // CNNVD: CNNVD-201804-472 // NVD: CVE-2018-2406

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103719

SOURCES

db:	BID	id:	103719
db:	JVNDB	id:	JVNDB-2018-004337
db:	CNNVD	id:	CNNVD-201804-472
db:	NVD	id:	CVE-2018-2406

LAST UPDATE DATE

2024-11-23T22:38:13.798000+00:00

SOURCES UPDATE DATE

db:	BID	id:	103719	date:	2018-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-004337	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-472	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-2406	date:	2024-11-21T04:03:45.743

SOURCES RELEASE DATE

db:	BID	id:	103719	date:	2018-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2018-004337	date:	2018-06-18T00:00:00
db:	CNNVD	id:	CNNVD-201804-472	date:	2018-04-11T00:00:00
db:	NVD	id:	CVE-2018-2406	date:	2018-04-10T15:29:01.363