vendor:
Crystal Report Server 2008
by:
Dmitriy Chastuhin, Digital Security Research Group [DSecRG]
7.5
CVSS
HIGH
Directory Traversal File Read
22
CWE
Product Name: Crystal Report Server 2008
Affected Version From: SAP Crystal Report Server 2008
Affected Version To: SAP Crystal Report Server 2008
Patch Exists: YES
Related CWE: N/A
CPE: a:sap:crystal_report_server_2008
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
SAP Crystal Report Server 2008 – Directory Traversal
SAP Crystal Report Server 2008 contains a variety of features with which users can manage and share interactive reports and dashboards, as well as provide access to them via the Internet. Directory Traversal vulnerability was found in script qa.jsp With this vulnerability, an authenticated attacker can read any file on the server.
Mitigation:
Solution to this issue is given in the 1476930 security note.