Search criteria
12 vulnerabilities found for crystal_enterprise by businessobjects
CVE-2004-2742 (GCVE-0-2004-2742)
Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12107"
},
{
"name": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2742",
"datePublished": "2007-10-09T10:00:00",
"dateReserved": "2007-10-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4099 (GCVE-0-2006-4099)
Vulnerability from cvelistv5 – Published: 2006-11-29 17:00 – Updated: 2024-08-07 18:57
VLAI?
Summary
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"name": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23137"
},
{
"name": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4099",
"datePublished": "2006-11-29T17:00:00",
"dateReserved": "2006-08-14T00:00:00",
"dateUpdated": "2024-08-07T18:57:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1981 (GCVE-0-2004-1981)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1981",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0204 (GCVE-0-2004-0204)
Vulnerability from cvelistv5 – Published: 2004-06-11 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0204",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2742 (GCVE-0-2004-2742)
Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12107"
},
{
"name": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2742",
"datePublished": "2007-10-09T10:00:00",
"dateReserved": "2007-10-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4099 (GCVE-0-2006-4099)
Vulnerability from nvd – Published: 2006-11-29 17:00 – Updated: 2024-08-07 18:57
VLAI?
Summary
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"name": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23137"
},
{
"name": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4099",
"datePublished": "2006-11-29T17:00:00",
"dateReserved": "2006-08-14T00:00:00",
"dateUpdated": "2024-08-07T18:57:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1981 (GCVE-0-2004-1981)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 01:07
VLAI?
Summary
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1981",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0204 (GCVE-0-2004-0204)
Vulnerability from nvd – Published: 2004-06-11 04:00 – Updated: 2024-08-08 00:10
VLAI?
Summary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0204",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2006-4099
Vulnerability from fkie_nvd - Published: 2006-11-29 17:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
},
{
"lang": "es",
"value": "Business Objects Crystal Enterprise 9 y 10 genera identificadores de sesi\u00f3n previsibles, que permite a atacantes remotos secuestrar sesiones de otros usuarios a trav\u00e9s de los valores de la cookie WCSID."
}
],
"id": "CVE-2006-4099",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-29T17:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23137"
},
{
"source": "cve@mitre.org",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-2742
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:aix:*:*:*:*:*",
"matchCriteriaId": "5ADD5E80-DCAC-4C06-986F-651989B6D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:solaris:*:*:*:*:*",
"matchCriteriaId": "C2F1EC12-38F0-4DB5-90DC-A1932A38CD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "FA106A23-74E5-408C-954F-94245AAF3B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:windows:*:*:*:*:*",
"matchCriteriaId": "EC102DAF-64D4-4B5F-8DA6-1389355E2095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:aix:*:*:*:*:*",
"matchCriteriaId": "77891037-D3CD-4457-BF8D-490CEE7FA67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:hpux:*:*:*:*:*",
"matchCriteriaId": "35A374F1-9F78-45C8-8A7C-F4D03EED0FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:linux:*:*:*:*:*",
"matchCriteriaId": "DC7AF62C-2763-467F-BBB8-C2CF8ABEA532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:solaris:*:*:*:*:*",
"matchCriteriaId": "51428D65-D2DB-474D-8F30-B3C6C1C4DD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:windows:*:*:*:*:*",
"matchCriteriaId": "F1B2F81A-F8DB-4976-B1A2-1A191B83458B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
],
"id": "CVE-2004-2742",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13644"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012703"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/12596"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/12596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0204
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| borland_software | j_builder | * | |
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 | |
| businessobjects | crystal_enterprise_java_sdk | 8.5 | |
| businessobjects | crystal_enterprise_ras | 8.5 | |
| businessobjects | crystal_reports | 9 | |
| businessobjects | crystal_reports | 10 | |
| microsoft | business_solutions_crm | 1.2 | |
| microsoft | outlook | 2003 | |
| microsoft | visual_studio_.net | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "A3DFE048-905E-4890-809D-F6BCEF7F83C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
"matchCriteriaId": "349036A0-B5E2-4656-8D2D-26BEE9EF9DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
"matchCriteriaId": "D00633D1-4B38-48D9-B5CD-E8D66EA90599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A50A593-04D3-4FDA-8015-901750AEE4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1A5E6C-F762-4FD1-A105-EFC4E3746B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*",
"matchCriteriaId": "CD34959D-8A0C-48B4-8132-865406EABB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*",
"matchCriteriaId": "716121F8-EE8D-4A4C-BAB6-943BE3ADDC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D5162B-391B-4B36-A688-8D903218B3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FFC5454-8557-4886-AEB4-3E04EC6FC477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*",
"matchCriteriaId": "F148421C-7BF5-4A58-83DF-4879B27C912A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en los visores web de Business Objects Crystal Reports 9 and 10, y Crystal Enterprise 9 o 10, usados en Visual Studio .NET 2003 y Outlook 2003 con Business Contact Manager, Microsoft Business Solutions CRM 1.2, y otros productos, permiten a atacantes remotos leer y borrar ficheros de su elecci\u00f3n mediante secuencias \"..\" en el argumento dynamicimag de crystalimagehandler.aspx."
}
],
"id": "CVE-2004-0204",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11800"
},
{
"source": "cve@mitre.org",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6748"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1981
Vulnerability from fkie_nvd - Published: 2004-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 | |
| businessobjects | crystal_reports | 9 | |
| businessobjects | crystal_reports | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*",
"matchCriteriaId": "716121F8-EE8D-4A4C-BAB6-943BE3ADDC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D5162B-391B-4B36-A688-8D903218B3B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
],
"id": "CVE-2004-1981",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}