Vulnerabilities > SAP > Crystal Reports Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-04-10 CVE-2018-2406 Unquoted Search Path or Element vulnerability in SAP Crystal Reports Server
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
local
low complexity
sap CWE-428
4.6
2011-12-14 CVE-2011-4805 Cross-Site Scripting vulnerability in SAP Crystal Reports Server 2008
Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.
network
sap CWE-79
4.3
2009-09-24 CVE-2009-3344 Remote vulnerability in SAP Crystal Reports Server 2008
Unspecified vulnerability in SAP Crystal Reports Server 2008 on Windows XP allows attackers to cause a denial of service (infinite loop) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11.
network
low complexity
microsoft sap
5.0