
    14 vulnerabilities found for crystal_reports by sap

    CVE-2020-6208 (GCVE-0-2020-6208)

    Vulnerability from nvd – Published: 2020-03-10 20:20 – Updated: 2024-08-04 08:55
    VLAI
    Summary
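    SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1 and 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, thus allowing the attacker to control the behaviour of the application and leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. (The record's CVSS 3.0 vector, AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H, base score 7.5, reflects this: local access, low privileges and user interaction are required, and the changed scope is what lets the impact reach other components. The affected entries in the record are encoded as "< 4.1" and "< 4.2" rather than as the exact versions named here, so check the affected range against SAP note 2861301.)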
    CWE
    • Remote Code Execution
    Assigner
    sap
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:21.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2861301"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Business Objects Business Intelligence Platform (Crystal Reports)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-12T15:06:06.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2861301"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Business Objects Business Intelligence Platform (Crystal Reports)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "4.1"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.5",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2861301",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2861301"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6208",
        "datePublished": "2020-03-10T20:20:44.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:21.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0285 (GCVE-0-2019-0285)

    Vulnerability from nvd – Published: 2019-04-10 20:26 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    Impacted products
    Date Public
    2019-04-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2687663"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Crystal Reports for Visual Studio",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2010"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-01T17:06:09.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2687663"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Crystal Reports for Visual Studio",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2687663",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2687663"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0285",
        "datePublished": "2019-04-10T20:26:59.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2427 (GCVE-0-2018-2427)

    Vulnerability from nvd – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP BusinessObjects Business Intelligence Suite Affected: = 4.10
    Affected: = 4.20
    SAP SAP Crystal Reports Affected: = version for Visual Studio .NET, Version 2010
    Date Public
    2018-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2620738"
              },
              {
                "name": "104715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104715"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            },
            {
              "product": "SAP Crystal Reports",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= version for Visual Studio .NET, Version 2010"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-12T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2620738"
            },
            {
              "name": "104715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104715"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2427",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Crystal Reports",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "version for Visual Studio .NET, Version 2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2620738",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2620738"
                },
                {
                  "name": "104715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104715"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2427",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5506 (GCVE-0-2014-5506)

    Vulnerability from nvd – Published: 2014-09-04 17:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted connection string record in an RPT file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1999142"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "name": "69557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69557"
              },
              {
                "name": "61016",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61016"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.sap.com/sap/support/notes/1999142"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "69557",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69557"
            },
            {
              "name": "61016",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61016"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.sap.com/sap/support/notes/1999142",
                  "refsource": "CONFIRM",
                  "url": "https://service.sap.com/sap/support/notes/1999142"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "69557",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69557"
                },
                {
                  "name": "61016",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61016"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5506",
        "datePublished": "2014-09-04T17:00:00.000Z",
        "dateReserved": "2014-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5505 (GCVE-0-2014-5505)

    Vulnerability from nvd – Published: 2014-09-04 17:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:49.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60877"
              },
              {
                "name": "sap-crystal-cve20145505-bo(95740)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1999142"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
              },
              {
                "name": "69558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69558"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "60877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60877"
            },
            {
              "name": "sap-crystal-cve20145505-bo(95740)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.sap.com/sap/support/notes/1999142"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
            },
            {
              "name": "69558",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69558"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60877"
                },
                {
                  "name": "sap-crystal-cve20145505-bo(95740)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1999142",
                  "refsource": "CONFIRM",
                  "url": "https://service.sap.com/sap/support/notes/1999142"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
                },
                {
                  "name": "69558",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69558"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5505",
        "datePublished": "2014-09-04T17:00:00.000Z",
        "dateReserved": "2014-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:49.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2590 (GCVE-0-2010-2590)

    Vulnerability from nvd – Published: 2010-12-22 01:00 – Updated: 2024-08-07 02:39
    VLAI
    Summary
    Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
    Severity
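    No CVSS data available. The record carries no metrics block, so the missing score is not a severity rating; the summary describes remote code execution and the reference list includes an entry tagged "exploit", both of which matter for prioritisation.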
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://service.sap.com/sap/support/notes/1539269 x_refsource_MISC
    http://www.exploit-db.com/exploits/15733 exploit, x_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/45387 vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/515369/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html x_refsource_MISC
    http://secunia.com/secunia_research/2010-135/ x_refsource_MISC
    http://secunia.com/advisories/42305 third-party-advisory, x_refsource_SECUNIA
    http://www.osvdb.org/69917 vdb-entry, x_refsource_OSVDB
    http://www.securitytracker.com/id?1024915 vdb-entry, x_refsource_SECTRACK
    Date Public
    2010-12-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:39:37.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1539269"
              },
              {
                "name": "15733",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15733"
              },
              {
                "name": "45387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45387"
              },
              {
                "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2010-135/"
              },
              {
                "name": "42305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42305"
              },
              {
                "name": "69917",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/69917"
              },
              {
                "name": "1024915",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1539269"
            },
            {
              "name": "15733",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15733"
            },
            {
              "name": "45387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45387"
            },
            {
              "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2010-135/"
            },
            {
              "name": "42305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42305"
            },
            {
              "name": "69917",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/69917"
            },
            {
              "name": "1024915",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2010-2590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.sap.com/sap/support/notes/1539269",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1539269"
                },
                {
                  "name": "15733",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15733"
                },
                {
                  "name": "45387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45387"
                },
                {
                  "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
                },
                {
                  "name": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html",
                  "refsource": "MISC",
                  "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
                },
                {
                  "name": "http://secunia.com/secunia_research/2010-135/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2010-135/"
                },
                {
                  "name": "42305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42305"
                },
                {
                  "name": "69917",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/69917"
                },
                {
                  "name": "1024915",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2010-2590",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2010-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:39:37.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3032 (GCVE-0-2010-3032)

    Vulnerability from nvd – Published: 2010-08-17 17:31 – Updated: 2024-08-07 02:55
    VLAI
    Summary
    Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
    Severity
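    No CVSS data available. The record carries no metrics block, so the missing score is not a severity rating; the summary describes a remotely triggerable crash with possible arbitrary code execution.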
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-08-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2010-2074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
              },
              {
                "name": "sap-crystal-giop-bo(61065)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
              },
              {
                "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
              },
              {
                "name": "40960",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40960"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1473327"
              },
              {
                "name": "42374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42374"
              },
              {
                "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
              },
              {
                "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
              },
              {
                "name": "1024334",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024334"
              },
              {
                "name": "67080",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/67080"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2010-2074",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
            },
            {
              "name": "sap-crystal-giop-bo(61065)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
            },
            {
              "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
            },
            {
              "name": "40960",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40960"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1473327"
            },
            {
              "name": "42374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42374"
            },
            {
              "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
            },
            {
              "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
            },
            {
              "name": "1024334",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024334"
            },
            {
              "name": "67080",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/67080"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2010-2074",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2074"
                },
                {
                  "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07",
                  "refsource": "MISC",
                  "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
                },
                {
                  "name": "sap-crystal-giop-bo(61065)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
                },
                {
                  "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
                },
                {
                  "name": "40960",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40960"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1473327",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1473327"
                },
                {
                  "name": "42374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/42374"
                },
                {
                  "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
                },
                {
                  "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
                },
                {
                  "name": "1024334",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024334"
                },
                {
                  "name": "67080",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/67080"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3032",
        "datePublished": "2010-08-17T17:31:00.000Z",
        "dateReserved": "2010-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6208 (GCVE-0-2020-6208)

    Vulnerability from cvelistv5 – Published: 2020-03-10 20:20 – Updated: 2024-08-04 08:55
    Summary
    SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
    CWE
    • Remote Code Execution
    Assigner
    sap
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:21.925Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2861301"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Business Objects Business Intelligence Platform (Crystal Reports)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1"
                },
                {
                  "status": "affected",
                  "version": "\u003c 4.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-12T15:06:06.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2861301"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6208",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Business Objects Business Intelligence Platform (Crystal Reports)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "4.1"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "4.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.5",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2861301",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2861301"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-291/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6208",
        "datePublished": "2020-03-10T20:20:44.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:21.925Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0285 (GCVE-0-2019-0285)

    Vulnerability from cvelistv5 – Published: 2019-04-10 20:26 – Updated: 2024-08-04 17:44
    Summary
    The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    Impacted products
    Date Public
    2019-04-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.353Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2687663"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Crystal Reports for Visual Studio",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2010"
                }
              ]
            }
          ],
          "datePublic": "2019-04-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-01T17:06:09.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2687663"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0285",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Crystal Reports for Visual Studio",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2687663",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.support.sap.com/#/notes/2687663"
                },
                {
                  "name": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0285",
        "datePublished": "2019-04-10T20:26:59.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.353Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2427 (GCVE-0-2018-2427)

    Vulnerability from cvelistv5 – Published: 2018-07-10 18:00 – Updated: 2024-08-05 04:21
    Summary
    SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
    Severity
    No CVSS data available.
    CWE
    • Code Injection
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SAP BusinessObjects Business Intelligence Suite Affected: = 4.10
    Affected: = 4.20
    SAP SAP Crystal Reports Affected: = version for Visual Studio .NET, Version 2010
    Date Public
    2018-07-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:33.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2620738"
              },
              {
                "name": "104715",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104715"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP BusinessObjects Business Intelligence Suite",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 4.10"
                },
                {
                  "status": "affected",
                  "version": "= 4.20"
                }
              ]
            },
            {
              "product": "SAP Crystal Reports",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= version for Visual Studio .NET, Version 2010"
                }
              ]
            }
          ],
          "datePublic": "2018-07-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-12T09:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2620738"
            },
            {
              "name": "104715",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104715"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2427",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP BusinessObjects Business Intelligence Suite",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "4.10"
                              },
                              {
                                "version_name": "=",
                                "version_value": "4.20"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Crystal Reports",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "version for Visual Studio .NET, Version 2010"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Code Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2620738",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2620738"
                },
                {
                  "name": "104715",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104715"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2427",
        "datePublished": "2018-07-10T18:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:33.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5505 (GCVE-0-2014-5505)

    Vulnerability from cvelistv5 – Published: 2014-09-04 17:00 – Updated: 2024-08-06 11:48
    Summary
    Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:49.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "60877",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60877"
              },
              {
                "name": "sap-crystal-cve20145505-bo(95740)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1999142"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
              },
              {
                "name": "69558",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69558"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "60877",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60877"
            },
            {
              "name": "sap-crystal-cve20145505-bo(95740)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.sap.com/sap/support/notes/1999142"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
            },
            {
              "name": "69558",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69558"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5505",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "60877",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60877"
                },
                {
                  "name": "sap-crystal-cve20145505-bo(95740)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95740"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1999142",
                  "refsource": "CONFIRM",
                  "url": "https://service.sap.com/sap/support/notes/1999142"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-301/"
                },
                {
                  "name": "69558",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69558"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5505",
        "datePublished": "2014-09-04T17:00:00.000Z",
        "dateReserved": "2014-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:49.384Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5506 (GCVE-0-2014-5506)

    Vulnerability from cvelistv5 – Published: 2014-09-04 17:00 – Updated: 2024-08-06 11:48
    Summary
    Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-09-03 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.461Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1999142"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://scn.sap.com/docs/DOC-8218"
              },
              {
                "name": "69557",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69557"
              },
              {
                "name": "61016",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/61016"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-09-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-01-04T17:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://service.sap.com/sap/support/notes/1999142"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://scn.sap.com/docs/DOC-8218"
            },
            {
              "name": "69557",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69557"
            },
            {
              "name": "61016",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/61016"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5506",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.sap.com/sap/support/notes/1999142",
                  "refsource": "CONFIRM",
                  "url": "https://service.sap.com/sap/support/notes/1999142"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-302/"
                },
                {
                  "name": "http://scn.sap.com/docs/DOC-8218",
                  "refsource": "CONFIRM",
                  "url": "http://scn.sap.com/docs/DOC-8218"
                },
                {
                  "name": "69557",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69557"
                },
                {
                  "name": "61016",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/61016"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5506",
        "datePublished": "2014-09-04T17:00:00.000Z",
        "dateReserved": "2014-08-28T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.461Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-2590 (GCVE-0-2010-2590)

    Vulnerability from cvelistv5 – Published: 2010-12-22 01:00 – Updated: 2024-08-07 02:39
    Summary
    Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL | Tags
    https://service.sap.com/sap/support/notes/1539269 | x_refsource_MISC
    http://www.exploit-db.com/exploits/15733 | exploit, x_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/45387 | vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/515369/100/0/threaded | mailing-list, x_refsource_BUGTRAQ
    http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html | x_refsource_MISC
    http://secunia.com/secunia_research/2010-135/ | x_refsource_MISC
    http://secunia.com/advisories/42305 | third-party-advisory, x_refsource_SECUNIA
    http://www.osvdb.org/69917 | vdb-entry, x_refsource_OSVDB
    http://www.securitytracker.com/id?1024915 | vdb-entry, x_refsource_SECTRACK
    Date Public
    2010-12-14 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:39:37.561Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1539269"
              },
              {
                "name": "15733",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/15733"
              },
              {
                "name": "45387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/45387"
              },
              {
                "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2010-135/"
              },
              {
                "name": "42305",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/42305"
              },
              {
                "name": "69917",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/69917"
              },
              {
                "name": "1024915",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024915"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-12-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1539269"
            },
            {
              "name": "15733",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/15733"
            },
            {
              "name": "45387",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/45387"
            },
            {
              "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2010-135/"
            },
            {
              "name": "42305",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/42305"
            },
            {
              "name": "69917",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/69917"
            },
            {
              "name": "1024915",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024915"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2010-2590",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://service.sap.com/sap/support/notes/1539269",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1539269"
                },
                {
                  "name": "15733",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/15733"
                },
                {
                  "name": "45387",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/45387"
                },
                {
                  "name": "20101220 Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/515369/100/0/threaded"
                },
                {
                  "name": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html",
                  "refsource": "MISC",
                  "url": "http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html"
                },
                {
                  "name": "http://secunia.com/secunia_research/2010-135/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2010-135/"
                },
                {
                  "name": "42305",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/42305"
                },
                {
                  "name": "69917",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/69917"
                },
                {
                  "name": "1024915",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024915"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2010-2590",
        "datePublished": "2010-12-22T01:00:00.000Z",
        "dateReserved": "2010-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:39:37.561Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-3032 (GCVE-0-2010-3032)

    Vulnerability from cvelistv5 – Published: 2010-08-17 17:31 – Updated: 2024-08-07 02:55
    Summary
    Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-08-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T02:55:46.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2010-2074",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/2074"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
              },
              {
                "name": "sap-crystal-giop-bo(61065)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
              },
              {
                "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
              },
              {
                "name": "40960",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/40960"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://service.sap.com/sap/support/notes/1473327"
              },
              {
                "name": "42374",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/42374"
              },
              {
                "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
              },
              {
                "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
              },
              {
                "name": "1024334",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1024334"
              },
              {
                "name": "67080",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/67080"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-08-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2010-2074",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/2074"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
            },
            {
              "name": "sap-crystal-giop-bo(61065)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
            },
            {
              "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
            },
            {
              "name": "40960",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/40960"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://service.sap.com/sap/support/notes/1473327"
            },
            {
              "name": "42374",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/42374"
            },
            {
              "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
            },
            {
              "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
            },
            {
              "name": "1024334",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1024334"
            },
            {
              "name": "67080",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/67080"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-3032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2010-2074",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/2074"
                },
                {
                  "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07",
                  "refsource": "MISC",
                  "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-10-07"
                },
                {
                  "name": "sap-crystal-giop-bo(61065)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61065"
                },
                {
                  "name": "20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513103/100/0/threaded"
                },
                {
                  "name": "40960",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/40960"
                },
                {
                  "name": "https://service.sap.com/sap/support/notes/1473327",
                  "refsource": "MISC",
                  "url": "https://service.sap.com/sap/support/notes/1473327"
                },
                {
                  "name": "42374",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/42374"
                },
                {
                  "name": "20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513024/100/0/threaded"
                },
                {
                  "name": "20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/513023/100/0/threaded"
                },
                {
                  "name": "1024334",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1024334"
                },
                {
                  "name": "67080",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/67080"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-3032",
        "datePublished": "2010-08-17T17:31:00.000Z",
        "dateReserved": "2010-08-17T00:00:00.000Z",
        "dateUpdated": "2024-08-07T02:55:46.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }