SAP Crystal Reports
By the Year
In 2024 there have been 0 vulnerabilities in SAP Crystal Reports . Crystal Reports did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 1 | 8.20 |
2019 | 1 | 9.80 |
2018 | 1 | 8.80 |
It may take a day or so for new Crystal Reports vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Crystal Reports Security Vulnerabilities
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code
CVE-2020-6208
8.2 - High
- March 10, 2020
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
Code Injection
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials
CVE-2019-0285
9.8 - Critical
- April 10, 2019
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
Cleartext Storage of Sensitive Information
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code
CVE-2018-2427
8.8 - High
- July 10, 2018
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Crystal Reports or by SAP? Click the Watch button to subscribe.