CVE-2004-0204

Published: Aug 6, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Affected (19)

Products: Bea: Weblogic Server · Borland Software: J Builder · Businessobjects: Crystal Enterprise, Crystal Enterprise Java Sdk, Crystal Enterprise Ras, Crystal Reports · +1 more

Show all products

Bea: Weblogic Server · Borland Software: J Builder · Businessobjects: Crystal Enterprise, Crystal Enterprise Java Sdk, Crystal Enterprise Ras, Crystal Reports · Microsoft: Business Solutions Crm, Outlook, Visual Studio .net

1 product

1 product

4 products

Crystal Enterprise Java Sdk

Crystal Enterprise Ras

Crystal Reports

Microsoft

3 products

Business Solutions Crm

Outlook

Visual Studio .net

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Bea Weblogic Server	Version 8.1
Bea Weblogic Server	Version 8.1
Bea Weblogic Server	Version 8.1
Bea Weblogic Server	Version 8.1 sp1
Bea Weblogic Server	Version 8.1 sp1
Bea Weblogic Server	Version 8.1 sp1
Bea Weblogic Server	Version 8.1 sp2
Bea Weblogic Server	Version 8.1 sp2
Bea Weblogic Server	Version 8.1 sp2
Borland Software J Builder	All versions
Businessobjects Crystal Enterprise	Version 10
Businessobjects Crystal Enterprise	Version 9
Businessobjects Crystal Enterprise Java Sdk	Version 8.5
Businessobjects Crystal Enterprise Ras	Version 8.5
Businessobjects Crystal Reports	Version 10
Businessobjects Crystal Reports	Version 9
Microsoft Business Solutions Crm	Version 1.2
Microsoft Outlook	Version 2003
Microsoft Visual Studio .net	Version 2003 gold