CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-2406

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.3%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 4.6

References

http://www.securityfocus.com/bid/103719
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
https://launchpad.support.sap.com/#/notes/2560132
http://www.securityfocus.com/bid/103719
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
https://launchpad.support.sap.com/#/notes/2560132

Products affected by CVE-2018-2406

Sap » Crystal Reports Server » Version: 4.0

cpe:2.3:a:sap:crystal_reports_server:4.0
Sap » Crystal Reports Server » Version: 4.10

cpe:2.3:a:sap:crystal_reports_server:4.10
Sap » Crystal Reports Server » Version: 4.20

cpe:2.3:a:sap:crystal_reports_server:4.20
Sap » Crystal Reports Server » Version: 4.30

cpe:2.3:a:sap:crystal_reports_server:4.30

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2406

Products

Pricing

Contact Us