CVE-2019-0285

Published: Apr 10, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

Affected (1)

Products: Sap: Crystal Reports

Sap

1 product

Crystal Reports

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Crystal Reports	Version 2010

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html

Source: cna@sap.com

https://launchpad.support.sap.com/#/notes/2687663

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Source: cna@sap.com

Vendor Advisory

http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://launchpad.support.sap.com/#/notes/2687663

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.