CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-40500

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://launchpad.support.sap.com/#/notes/3074693
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
https://launchpad.support.sap.com/#/notes/3074693
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Products affected by CVE-2021-40500

Sap » Businessobjects Business Intelligence Platform » Version: 4.20

cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.20
Sap » Businessobjects Business Intelligence Platform » Version: 4.30

cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.30

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-40500

Products

Pricing

Contact Us