cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-40500,https://securityvulnerability.io/vulnerability/CVE-2021-40500,Missing XML Validation Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically in versions 420 and 430, contains a vulnerability that stems from inadequate XML validations at certain endpoints. An unauthenticated attacker can exploit this flaw to read sensitive data by accessing these network-exposed endpoints. If successfully exploited, the attacker could retrieve arbitrary files from the server, posing a significant risk to data security.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2021-10-12T14:04:23.000Z,0
CVE-2021-33696,https://securityvulnerability.io/vulnerability/CVE-2021-33696,XSS Vulnerability in SAP BusinessObjects Business Intelligence Platform,"The SAP BusinessObjects Business Intelligence Platform, specifically in the Crystal Report versions 420 and 430, suffers from a Cross-Site Scripting (XSS) vulnerability due to inadequate encoding of user-controlled inputs. This flaw allows an authorized attacker to exploit the weakness and potentially modify or deface content displayed on a web interface, leading to harmful consequences for users interacting with the affected site.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Report),5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-15T18:01:42.000Z,0
CVE-2020-26831,https://securityvulnerability.io/vulnerability/CVE-2020-26831,XML Injection Vulnerability in SAP BusinessObjects BI Platform,"The vulnerability in SAP BusinessObjects BI Platform affects versions 4.1, 4.2, and 4.3, where insufficient validation of uploaded XML entities during Crystal Report generation can be exploited. An attacker with basic privileges may inject arbitrary XML entities, potentially leading to serious consequences such as internal file disclosures, exposure of internal directories, Server-Side Request Forgery (SSRF), and denial-of-service (DoS) conditions.",SAP,SAP Businessobjects Bi Platform (crystal Report),9.6,CRITICAL,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-12-09T16:29:55.000Z,0
CVE-2020-6219,https://securityvulnerability.io/vulnerability/CVE-2020-6219,Deserialization Vulnerability in SAP Business Objects Business Intelligence Platform,"SAP Business Objects Business Intelligence Platform's CrystalReports WebForm Viewer suffers from a vulnerability that allows an attacker with basic authorization to exploit a deserialization flaw. This attack can lead to service interruptions, denial of service, and the unauthorized execution of arbitrary commands. It's essential to ensure that applications are protected against such threats to maintain their reliability and security.",SAP,"SAP Business Objects Business Intelligence Platform (crystalreports Webform Viewer),Crystal Reports For Vs",9.1,CRITICAL,0.0009699999936856329,false,,false,false,false,,,false,false,,2020-04-14T18:19:18.000Z,0
CVE-2020-6208,https://securityvulnerability.io/vulnerability/CVE-2020-6208,Code Injection Vulnerability in SAP Business Objects Business Intelligence Platform,"The SAP Business Objects Business Intelligence Platform, particularly in its Crystal Reports component, is susceptible to a code injection vulnerability. An attacker with basic authorization can leverage this flaw to inject malicious code that the application executes. While the attack vector is classified as local, the implications can affect multiple applications within the environment, potentially allowing an attacker to manipulate the application's behavior and execute arbitrary code.",SAP,SAP Business Objects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.00431999983265996,false,,false,false,false,,,false,false,,2020-03-10T20:20:44.000Z,0
CVE-2019-0285,https://securityvulnerability.io/vulnerability/CVE-2019-0285,Information Disclosure in SAP Crystal Reports for Visual Studio,"The vulnerability in SAP Crystal Reports for Visual Studio's .NET SDK WebForm Viewer allows unauthorized access to sensitive database information, including credentials. This exposure can be exploited by attackers, leading to potential data breaches and unauthorized system control. The issue was addressed in version 2010, underscoring the importance of keeping software updated to safeguard sensitive data.",SAP,SAP Crystal Reports For Visual Studio,9.8,CRITICAL,0.045340001583099365,false,,false,false,false,,,false,false,,2019-04-10T20:26:59.000Z,0
CVE-2018-2427,https://securityvulnerability.io/vulnerability/CVE-2018-2427,Code Injection Vulnerability in SAP BusinessObjects BI Suite and Crystal Reports,"A code injection vulnerability exists in SAP BusinessObjects Business Intelligence Suite 4.10 and 4.20, as well as SAP Crystal Reports for Visual Studio .NET (Version 2010). This flaw allows attackers to execute unauthorized code in the affected applications, resulting in potential manipulation of application behavior. Such exploitation could lead to significant security breaches, enabling attackers to gain control over sensitive data and system operations.",SAP,"SAP Businessobjects Business Intelligence Suite,SAP Crystal Reports",8.8,HIGH,0.0023799999617040157,false,,false,false,false,,,false,false,,2018-07-10T18:00:00.000Z,0
CVE-2018-2406,https://securityvulnerability.io/vulnerability/CVE-2018-2406,Directory Traversal Vulnerability in Crystal Reports Server by SAP,"A directory traversal vulnerability exists in Crystal Reports Server, OEM Edition, due to an unquoted Windows search path in the startup configuration. This flaw could allow attackers to escalate privileges or gain unauthorized access to sensitive files in the system by leveraging the vulnerable installations on affected versions, specifically those from 4.0 to 4.30. Prompt updates and configuration changes are recommended to mitigate potential security risks associated with this vulnerability.",SAP,"SAP Crystal Reports Server, Oem Edition",5.3,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2018-04-10T15:00:00.000Z,0