Vulnerability Details CVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.075
EPSS Ranking 91.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html
- https://launchpad.support.sap.com/#/notes/2687663
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
- http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html
- https://launchpad.support.sap.com/#/notes/2687663
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114
Products affected by CVE-2019-0285
-
cpe:2.3:a:sap:crystal_reports:2010