cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-40500,https://securityvulnerability.io/vulnerability/CVE-2021-40500,,"SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2021-10-12T14:04:23.000Z,0
CVE-2021-33696,https://securityvulnerability.io/vulnerability/CVE-2021-33696,,"SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Report),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-15T18:01:42.000Z,0
CVE-2020-26831,https://securityvulnerability.io/vulnerability/CVE-2020-26831,,"SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).",SAP,SAP Businessobjects Bi Platform (crystal Report),9.6,CRITICAL,0.0007800000021234155,false,false,false,false,,false,false,2020-12-09T16:29:55.000Z,0
CVE-2020-6219,https://securityvulnerability.io/vulnerability/CVE-2020-6219,,"SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.",SAP,"SAP Business Objects Business Intelligence Platform (crystalreports Webform Viewer),Crystal Reports For Vs",9.1,CRITICAL,0.0009699999936856329,false,false,false,false,,false,false,2020-04-14T18:19:18.000Z,0
CVE-2020-6208,https://securityvulnerability.io/vulnerability/CVE-2020-6208,,"SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.",SAP,SAP Business Objects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.00431999983265996,false,false,false,false,,false,false,2020-03-10T20:20:44.000Z,0
CVE-2019-0285,https://securityvulnerability.io/vulnerability/CVE-2019-0285,,The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.,SAP,SAP Crystal Reports For Visual Studio,9.8,CRITICAL,0.045340001583099365,false,false,false,false,,false,false,2019-04-10T20:26:59.000Z,0
CVE-2018-2427,https://securityvulnerability.io/vulnerability/CVE-2018-2427,,"SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.",SAP,"SAP Businessobjects Business Intelligence Suite,SAP Crystal Reports",8.8,HIGH,0.0023799999617040157,false,false,false,false,,false,false,2018-07-10T18:00:00.000Z,0
CVE-2018-2406,https://securityvulnerability.io/vulnerability/CVE-2018-2406,,"Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.",SAP,"SAP Crystal Reports Server, Oem Edition",5.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2018-04-10T15:00:00.000Z,0
CVE-2014-5505,https://securityvulnerability.io/vulnerability/CVE-2014-5505,,Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file.,SAP,Crystal Reports,,,0.5927299857139587,false,false,false,false,,false,false,2014-09-04T17:00:00.000Z,0
CVE-2014-5506,https://securityvulnerability.io/vulnerability/CVE-2014-5506,,Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file.,SAP,Crystal Reports,,,0.3743700087070465,false,false,false,false,,false,false,2014-09-04T17:00:00.000Z,0
CVE-2011-4805,https://securityvulnerability.io/vulnerability/CVE-2011-4805,,Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.,SAP,Crystal Reports Server,,,0.002580000087618828,false,false,false,false,,false,false,2011-12-14T00:00:00.000Z,0
CVE-2010-2590,https://securityvulnerability.io/vulnerability/CVE-2010-2590,,Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.,SAP,Crystal Reports,,,0.8060600161552429,false,false,false,false,,false,false,2010-12-22T01:00:00.000Z,0
CVE-2010-3032,https://securityvulnerability.io/vulnerability/CVE-2010-3032,,"Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow.",SAP,Crystal Reports,,,0.1072700023651123,false,false,false,false,,false,false,2010-08-17T17:31:00.000Z,0
CVE-2009-3345,https://securityvulnerability.io/vulnerability/CVE-2009-3345,,"Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.",SAP,Crystal Reports Server,,,0.004350000061094761,false,false,false,false,,false,false,2009-09-24T16:30:00.000Z,0
CVE-2009-3344,https://securityvulnerability.io/vulnerability/CVE-2009-3344,,"Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.",SAP,Crystal Reports Server,,,0.0021899999119341373,false,false,false,false,,false,false,2009-09-24T16:30:00.000Z,0
CVE-2009-3346,https://securityvulnerability.io/vulnerability/CVE-2009-3346,,"Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.",SAP,Crystal Reports Server,,,0.029330000281333923,false,false,false,false,,false,false,2009-09-24T16:30:00.000Z,0