Businessobjects: Security Vulnerabilities
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
CVSS Score
5.0
EPSS Score
0.007
Published
2004-05-02
WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions.
CVSS Score
7.5
EPSS Score
0.014
Published
2003-12-31
Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
CVSS Score
7.5
EPSS Score
0.007
Published
2001-01-10
Page 2