The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SAP Crystal Enterprise

computer vulnerability CVE-2014-2751

SAP Print and Output: privilege escalation

Synthesis of the vulnerability

An attacker can gain access to a SAP Print and Output user, in order to escalate privileges or to obtain sensitive information.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 10/12/2013.
Revision date: 14/03/2014.
Identifiers: 1911523, CVE-2014-2751, DOC-8218, ONAPSIS-2014-004, VIGILANCE-VUL-13915.

Description of the vulnerability

The SAP Print and Output product manages the display of documents.

However, it uses a hardcoded username.

An attacker can therefore gain access to a SAP Print and Output user, in order to escalate privileges or to obtain sensitive information.

vulnerability announce 14262

SAP: multiple vulnerabilities for February 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities in SAP.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 2/4.
Creation date: 14/02/2014.
Identifiers: 1716640, 1769611, 1771706, 1777988, 1781171, 1833327, 1911319, 1913388, 1915908, 1942332, VIGILANCE-VUL-14262.

Description of the vulnerability

Several vulnerabilities were publicly announced this month by SAP.

An attacker can traverse directories in HFILTAX0_FORMS0_ALV, in order to read a file outside the root path. [severity:2/4; 1913388]

An attacker can traverse directories in HFISTWC0_FORMS, in order to read a file outside the root path. [severity:2/4; 1777988]

An attacker can traverse directories in HFIUTMS0, in order to read a file outside the root path. [severity:2/4; 1771706]

An attacker can traverse directories in HFISTBC0_SUBR, in order to read a file outside the root path. [severity:2/4; 1769611]

An attacker can trigger a Cross Site Scripting in Business Planning and Consolidation, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1942332]

An attacker can bypass access restrictions of ABAP Reports, in order to read or alter data. [severity:2/4; 1911319]

An attacker can bypass access restrictions of ABAP Reports, in order to read or alter data. [severity:2/4; 1716640]

An attacker can bypass access restrictions of ABAP Reports, in order to read or alter data. [severity:2/4; 1915908]

An attacker can invite the victim to click in WebDynpro Java, in order to perform operations. [severity:1/4; 1781171]

An attacker can use a SQL injection in LSZRSF03, in order to read or alter data. [severity:2/4; 1833327]

Other vulnerabilities may have been announced this month, but they are private. SAP has to be contacted to obtain the full list.

vulnerability 14260

SAP: code execution via CTC

Synthesis of the vulnerability

An attacker can use the CTC servlet of SAP, in order to execute code.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver, ASE.
Severity: 3/4.
Creation date: 14/02/2014.
Identifiers: 1963100, VIGILANCE-VUL-14260.

Description of the vulnerability

An attacker can use the CTC servlet of SAP, in order to execute code.

Technical details are unknown.

computer vulnerability announce CVE-2013-7359

SAP: vulnerability 1789611

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1789611, CVE-2013-7359, DOC-8218, ONAPSIS-2013-009, VIGILANCE-VUL-12507.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

computer vulnerability 12505

SAP: vulnerability 1806435

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1806435, DOC-8218, VIGILANCE-VUL-12505.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

vulnerability note 12504

SAP: vulnerability 1786822

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1786822, DOC-8218, VIGILANCE-VUL-12504.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

vulnerability bulletin 12503

SAP: vulnerability 1789823

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1789823, 1813734, DOC-8218, VIGILANCE-VUL-12503.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

vulnerability announce 12502

SAP: vulnerability 1813734

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1813734, DOC-8218, VIGILANCE-VUL-12502.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

vulnerability alert 12501

SAP: vulnerability 1771567

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 12/03/2013.
Identifiers: 1771567, DOC-8218, VIGILANCE-VUL-12501.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

vulnerability alert 12461

SAP: vulnerability 1819543

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Impacted products: Business Objects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver.
Severity: 2/4.
Creation date: 25/02/2013.
Identifiers: 1819543, DOC-8218, VIGILANCE-VUL-12461.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.