The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Crystal Reports

computer vulnerability bulletin CVE-2016-4014 CVE-2016-4015 CVE-2016-4016

SAP: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/04/2016.
Identifiers: CVE-2016-4014, CVE-2016-4015, CVE-2016-4016, CVE-2016-4017, CVE-2016-4018, DOC-8218, ERPSCAN-16-019, ERPSCAN-16-020, ERPSCAN-16-021, VIGILANCE-VUL-19348.

Description of the vulnerability

An attacker can exploit several vulnerabilities in SAP.

vulnerability note CVE-2015-7828 CVE-2015-7986 CVE-2015-7991

SAP: multiple vulnerabilities of October 2015

Synthesis of the vulnerability

Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/10/2015.
Revision date: 29/01/2016.
Identifiers: CVE-2015-7828, CVE-2015-7986, CVE-2015-7991, CVE-2015-7992, CVE-2015-7993, CVE-2015-7994, CVE-2015-8028, CVE-2015-8029, CVE-2015-8030, ERPSCAN-15-017, ERPSCAN-15-024, ERPSCAN-15-025, ONAPSIS-2015-024, ONAPSIS-2015-040, ONAPSIS-2015-041, ONAPSIS-2015-042, ONAPSIS-2015-043, ONAPSIS-2015-044, VIGILANCE-VUL-18084, ZDI-15-526, ZDI-15-527, ZDI-15-528, ZDI-15-529, ZDI-15-530, ZDI-15-531, ZDI-15-532.

Description of the vulnerability

An attacker can exploit several vulnerabilities in SAP.

vulnerability alert CVE-2016-1910 CVE-2016-1911 CVE-2016-1928

SAP: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/01/2016.
Revision date: 28/01/2016.
Identifiers: CVE-2016-1910, CVE-2016-1911, CVE-2016-1928, CVE-2016-1929, CVE-2016-7437, DOC-8218, ERPSCAN-15-024, ERPSCAN-16-001, ERPSCAN-16-002, ERPSCAN-16-003, ERPSCAN-16-004, ERPSCAN-16-005, ONAPSIS-2016-051, VIGILANCE-VUL-18691.

Description of the vulnerability

An attacker can exploit several vulnerabilities in SAP.

computer vulnerability announce CVE-2015-2278 CVE-2015-2282 CVE-2015-3994

SAP: multiple vulnerabilities of May 2015

Synthesis of the vulnerability

Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/05/2015.
Identifiers: CVE-2015-2278, CVE-2015-2282, CVE-2015-3994, CVE-2015-3995, CVE-2015-4091, CVE-2015-4092, CVE-2015-4157, CVE-2015-4158, CVE-2015-4159, CVE-2015-4160, CVE-2015-4161, CVE-2016-3946, DOC-8218, ONAPSIS-2015-006, ONAPSIS-2015-007, ONAPSIS-2016-001, VIGILANCE-VUL-16877.

Description of the vulnerability

An attacker can exploit several vulnerabilities in SAP.

vulnerability bulletin CVE-2015-3978 CVE-2015-3979 CVE-2015-3980

SAP: multiple vulnerabilities of April 2015

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in SAP.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 14/04/2015.
Identifiers: CVE-2015-3978, CVE-2015-3979, CVE-2015-3980, CVE-2015-3981, DOC-8218, VIGILANCE-VUL-16593.

Description of the vulnerability

Several vulnerabilities were announced in SAP.

vulnerability alert CVE-2014-8659 CVE-2014-8660 CVE-2014-8661

SAP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in SAP.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 14/10/2014.
Identifiers: CVE-2014-8659, CVE-2014-8660, CVE-2014-8661, CVE-2014-8662, CVE-2014-8663, CVE-2014-8664, CVE-2014-8665, CVE-2014-8666, CVE-2014-8667, CVE-2014-8668, CVE-2014-8669, DOC-8218, VIGILANCE-VUL-15471.

Description of the vulnerability

Several vulnerabilities were announced in SAP.

vulnerability alert CVE-2014-5505 CVE-2014-5506

SAP Crystal Reports: two vulnerabilities of RPT

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious RPT file with SAP Crystal Reports, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Crystal Reports.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 12/08/2014.
Revision date: 04/09/2014.
Identifiers: 1999142, CVE-2014-5505, CVE-2014-5506, DOC-8218, VIGILANCE-VUL-15161, ZDI-14-301, ZDI-14-302.

Description of the vulnerability

The SAP Crystal Reports product supports files with the RPT format. Several vulnerabilities were announced in SAP Crystal Reports.

An attacker can trigger a buffer overflow via an RPT file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-5505, ZDI-14-301]

An attacker can force the use of a freed memory area via an RPT file, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-5506, ZDI-14-302]

An attacker can therefore invite the victim to open a malicious RPT file with SAP Crystal Reports, in order to trigger a denial of service, and possibly to execute code.

vulnerability announce 14732

SAP: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in SAP, in order to execute JavaScript code in the context of the web site.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 13/05/2014.
Revision date: 19/05/2014.
Identifiers: 1979438, DOC-8218, VIGILANCE-VUL-14732.

Description of the vulnerability

The SAP product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in SAP, in order to execute JavaScript code in the context of the web site.

computer vulnerability announce CVE-2014-3129

SAP Software Lifecycle Manager: information disclosure

Synthesis of the vulnerability

An attacker can use SAP Software Lifecycle Manager, in order to obtain sensitive information.
Impacted products: Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 14/01/2014.
Revision date: 29/04/2014.
Identifiers: 1894049, CVE-2014-3129, DOC-8218, ONAPSIS-2014-005, VIGILANCE-VUL-14067.

Description of the vulnerability

The SAP Software Lifecycle Manager product offers a web service.

However, an attacker can use HTTP queries to bypass access restrictions to data.

An attacker can therefore use SAP Software Lifecycle Manager, in order to obtain sensitive information.

computer vulnerability CVE-2014-2751

SAP Print and Output: privilege escalation

Synthesis of the vulnerability

An attacker can access a user account of SAP Print and Output, in order to escalate his privileges or to obtain sensitive information.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Consequences: privileged access/rights, data reading.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 10/12/2013.
Revision date: 14/03/2014.
Identifiers: 1911523, CVE-2014-2751, DOC-8218, ONAPSIS-2014-004, VIGILANCE-VUL-13915.

Description of the vulnerability

The SAP Print and Output product manages the display of documents.

However, it uses a hardcoded username.

An attacker can therefore access a user account of SAP Print and Output, in order to escalate his privileges or to obtain sensitive information.