Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0285: Cleartext Storage of Sensitive Info in SE SAP Crystal Reports FOR Visual Studio

Severity: 9.8 CRITICAL (NVD)
EPSS: 7.3% (top 8.31%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Apr 10 | Latest update May 13

Description

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA | GHSA-q65c-v485-vhfq: The | 2022-05-13
CVEList | CVE-2019-0285: The | 2019-04-10

💥 Exploits & PoCs (1)

Exploit-DB | SAP Crystal Reports - Information Disclosure | 2019-07-01