SAP Crystal Reports Server vulnerabilities
5 known vulnerabilities affecting sap/crystal_reports_server.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 3
Vulnerabilities
CVE-2018-2406 | MEDIUM | CVSS 5.3 | CWE-428 | v4.0, v4.10, +2 more | 2018-04-10
Unquoted Windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
nvd
CVE-2011-4805 | MEDIUM | CVSS 4.3 | CWE-79 | v2008 | 2011-12-14
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
nvd
CVE-2009-3345 | CRITICAL | CVSS 10.0 | CWE-119 | v2008 | 2009-09-24
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned
nvd
CVE-2009-3346 | CRITICAL | CVSS 10.0 | v2008 | 2009-09-24
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the
nvd
CVE-2009-3344 | MEDIUM | CVSS 5.0 | v2008 | 2009-09-24
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a r
nvd