CVE-2018-2406

Опубликовано: 10 апр. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 4.6

EPSS Низкий

Описание

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

Ссылки

http://www.securityfocus.com/bid/103719
Broken Link
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2560132
Permissions Required
http://www.securityfocus.com/bid/103719
Broken Link
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2560132
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:crystal_reports_server:4.0:*:*:*:oem:*:*:*

cpe:2.3:a:sap:crystal_reports_server:4.10:*:*:*:oem:*:*:*

cpe:2.3:a:sap:crystal_reports_server:4.20:*:*:*:oem:*:*:*

cpe:2.3:a:sap:crystal_reports_server:4.30:*:*:*:oem:*:*:*

EPSS

Процентиль: 22%

0.00071

Низкий

5.3 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-428

Связанные уязвимости

GHSA-fpfg-hpwq-xgwm