CVE-2018-2406

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crystal Reports Server, Oem Edition
Vendor: CVE Published:; 10 April 2018

Summary

Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.

Affected Version(s)

SAP Crystal Reports Server, OEM Edition 4.0

SAP Crystal Reports Server, OEM Edition 4.10

SAP Crystal Reports Server, OEM Edition 4.20

References

https://launchpad.support.sap.com/#/notes/2560132

x_refsource_MISC

https://blogs.sap.com/2018/04/10/sap-security-patch-day-a...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/103719

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 10, 2018
Vulnerability Reserved
Dec 15, 2017