Vulnerabilities > CVE-2020-6208 - Use After Free vulnerability in SAP Crystal Reports 4.1/4.2

CVSS 8.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

sap

CWE-416

NVD

Published: 2020-03-10

Updated: 2021-07-21

Summary

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Crystal Reports 4.1 SAP Crystal Reports 4.2	2

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
https://launchpad.support.sap.com/#/notes/2861301
https://www.zerodayinitiative.com/advisories/ZDI-20-291/