cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-40500,https://securityvulnerability.io/vulnerability/CVE-2021-40500,,"SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2021-10-12T14:04:23.000Z,0
CVE-2021-33696,https://securityvulnerability.io/vulnerability/CVE-2021-33696,,"SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.",SAP,SAP Businessobjects Business Intelligence Platform (crystal Report),5.4,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-15T18:01:42.000Z,0
CVE-2020-26831,https://securityvulnerability.io/vulnerability/CVE-2020-26831,,"SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).",SAP,SAP Businessobjects Bi Platform (crystal Report),9.6,CRITICAL,0.0007800000021234155,false,false,false,false,,false,false,2020-12-09T16:29:55.000Z,0
CVE-2020-6219,https://securityvulnerability.io/vulnerability/CVE-2020-6219,,"SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.",SAP,"SAP Business Objects Business Intelligence Platform (crystalreports Webform Viewer),Crystal Reports For Vs",9.1,CRITICAL,0.0009699999936856329,false,false,false,false,,false,false,2020-04-14T18:19:18.000Z,0
CVE-2020-6208,https://securityvulnerability.io/vulnerability/CVE-2020-6208,,"SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.",SAP,SAP Business Objects Business Intelligence Platform (crystal Reports),7.5,HIGH,0.00431999983265996,false,false,false,false,,false,false,2020-03-10T20:20:44.000Z,0
CVE-2019-0285,https://securityvulnerability.io/vulnerability/CVE-2019-0285,,The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.,SAP,SAP Crystal Reports For Visual Studio,9.8,CRITICAL,0.045340001583099365,false,false,false,false,,false,false,2019-04-10T20:26:59.000Z,0
CVE-2018-2427,https://securityvulnerability.io/vulnerability/CVE-2018-2427,,"SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.",SAP,"SAP Businessobjects Business Intelligence Suite,SAP Crystal Reports",8.8,HIGH,0.0023799999617040157,false,false,false,false,,false,false,2018-07-10T18:00:00.000Z,0
CVE-2018-2406,https://securityvulnerability.io/vulnerability/CVE-2018-2406,,"Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.",SAP,"SAP Crystal Reports Server, Oem Edition",5.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2018-04-10T15:00:00.000Z,0