CVE-2018-2406

Published: Apr 10, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 1.8 / Impact: 3.4

Source: NVD

Description

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

Affected (4)

Products: Sap: Crystal Reports Server

1 product

Crystal Reports Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Crystal Reports Server	Version 4.0
Sap Crystal Reports Server	Version 4.10
Sap Crystal Reports Server	Version 4.20
Sap Crystal Reports Server	Version 4.30

Related CWEs

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References (6)

http://www.securityfocus.com/bid/103719

Source: cna@sap.com

Broken Link

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2560132

Source: cna@sap.com

Permissions Required

http://www.securityfocus.com/bid/103719

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2560132

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.