Описание
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
Ссылки
- Permissions Required
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions Required
- Vendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
8.2 High
CVSS3
4.4 Medium
CVSS2
Дефекты
Связанные уязвимости
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
Уязвимость платформы бизнес-аналитики SAP Business Objects Business Intelligence Platform, связанная с ошибками управления генерацией кода, позволяющая нарушителю выполнить произвольный код
EPSS
7.5 High
CVSS3
8.2 High
CVSS3
4.4 Medium
CVSS2