Vulnerabilities > CVE-2001-1464 - Unspecified vulnerability in Businessobjects Crystal Reports

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

businessobjects

NVD

Published: 2001-01-10

Updated: 2017-07-11

Summary

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.

Vulnerable Configurations

Part	Description	Count
Application	Businessobjects Businessobjects Crystal Reports *	1

References

http://www.kb.cert.org/vuls/id/403307
https://exchange.xforce.ibmcloud.com/vulnerabilities/7928