Vulnerabilities > SAP > Crystal Reports > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-10 | CVE-2020-6208 | Code Injection vulnerability in SAP Crystal Reports 4.1/4.2 SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. | 4.4 |
| 2019-04-10 | CVE-2019-0285 | Cleartext Storage of Sensitive Information vulnerability in SAP Crystal Reports 2010 The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | 5.0 |
| 2018-07-10 | CVE-2018-2427 | Code Injection vulnerability in SAP products SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. | 6.5 |
| 2014-09-04 | CVE-2014-5506 | Remote Code Execution vulnerability in SAP Crystal Reports Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. network sap | 6.8 |
| 2014-09-04 | CVE-2014-5505 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SAP Crystal Reports Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | 6.8 |