CVE-2005-1930 — Path Traversal in Micro Serverprotect

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 24.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Serverprotect

Timeline

PublishedDec 14

Latest updateMay 1

Description

Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDtrend_micro/serverprotect5.58

🔴Vulnerability Details

GHSA

GHSA-q7x5-c7h3-w76j: Directory traversal vulnerability in the Crystal Report component (rptserver↗2022-05-01

▶

CVEList

CVE-2005-1930: Directory traversal vulnerability in the Crystal Report component (rptserver↗2005-12-14

▶