Crystal Reports
by SAP
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-2427 | Hig | 0.57 | 8.8 | 0.02 | Jul 10, 2018 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the… | ||
| CVE-2010-2590 | 0.07 | — | 0.47 | Dec 22, 2010 | Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. | |||
| CVE-2010-3032 | 0.01 | — | 0.06 | Aug 17, 2010 | Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a… | |||
| CVE-2020-6219 | 0.00 | — | 0.01 | Apr 14, 2020 | SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and… | |||
| CVE-2014-5506 | 0.00 | — | 0.03 | Sep 4, 2014 | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | |||
| CVE-2014-5505 | 0.00 | — | 0.04 | Sep 4, 2014 | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. |
- risk 0.57cvss 8.8epss 0.02
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the…
- CVE-2010-2590Dec 22, 2010risk 0.07cvss —epss 0.47
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
- CVE-2010-3032Aug 17, 2010risk 0.01cvss —epss 0.06
Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a…
- CVE-2020-6219Apr 14, 2020risk 0.00cvss —epss 0.01
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and…
- CVE-2014-5506Sep 4, 2014risk 0.00cvss —epss 0.03
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
- CVE-2014-5505Sep 4, 2014risk 0.00cvss —epss 0.04
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.