VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 6, 2004· Updated Apr 16, 2026

CVE-2004-0204

CVE-2004-0204

Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Affected products

19
  • Bea/Weblogic Server9 versions
    cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
  • Borland Software/J Builder
    cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*
  • Businessobjects/Crystal Enterprise2 versions
    cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*
    • cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*
  • Businessobjects/Crystal Enterprise Java Sdk
    cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*
  • Businessobjects/Crystal Enterprise Ras
    cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*
  • Businessobjects/Crystal Reports2 versions
    cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*
    • cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*
  • Microsoft/Business Solutions Crm
    cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*
  • Microsoft/Outlook
    cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*
  • Microsoft/Visual Studio .net
    cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.