Details of VAR-201103-0371

ID

VAR-201103-0371

TITLE

SAP Crystal Reports Server Parameter input vulnerability

Trust: 0.8

sources: IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1089

DESCRIPTION

SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks

Trust: 6.48

sources: CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1081 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1084 // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d8810ba2-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 7.2

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d8810ba2-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1081 // CNVD: CNVD-2011-1084

AFFECTED PRODUCTS

vendor:

sap

model:

crystal reports server

scope:

version:

2008

Trust: 7.2

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	d10c1f4c-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	cfb685ec-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	d2473478-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	dcc32308-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	db50ddd0-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	d3fbf61e-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	d5a6c462-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	dfb80812-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2
IVD:	d8810ba2-1f9b-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2

IVD:	d10c1f4c-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	cfb685ec-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	d2473478-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	dcc32308-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	db50ddd0-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	d3fbf61e-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	d5a6c462-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	dfb80812-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	d8810ba2-1f9b-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

TYPE

Input validation error

Trust: 1.6

PATCH

title:	Patch for SAP Crystal Reports Server \"analyticToken\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3290	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"backURL\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3283	Trust: 0.6
title:	Patch for SAP Crystal Reports Server Parameter Input Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3292	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"Sel\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3289	Trust: 0.6
title:	Patch for SAP Crystal Reports Server Multiple Parameter Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3287	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"DocName\" and \"Label\" parameter vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/3293	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"defTar\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3291	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"entry\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3286	Trust: 0.6
title:	Patch for SAP Crystal Reports Server \"swf\" parameter vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/3288	Trust: 0.6

sources: CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1081 // CNVD: CNVD-2011-1084

EXTERNAL IDS

db:	BID	id:	46855	Trust: 5.4
db:	SECUNIA	id:	43723	Trust: 5.4
db:	CNVD	id:	CNVD-2011-1086	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1087	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1085	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1089	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1090	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1084	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1083	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1078	Trust: 0.8
db:	CNVD	id:	CNVD-2011-1081	Trust: 0.8
db:	IVD	id:	D10C1F4C-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	CFB685EC-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	D2473478-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	DCC32308-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	DB50DDD0-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	D3FBF61E-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	D5A6C462-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	DFB80812-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	D8810BA2-1F9B-11E6-ABEF-000C29C66E3D	Trust: 0.2

REFERENCES

url:

http://secunia.com/advisories/43723/http

Trust: 5.4

SOURCES

db:	IVD	id:	d10c1f4c-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	cfb685ec-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	d2473478-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	dcc32308-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	db50ddd0-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	d3fbf61e-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	d5a6c462-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	dfb80812-1f9b-11e6-abef-000c29c66e3d
db:	IVD	id:	d8810ba2-1f9b-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2011-1086
db:	CNVD	id:	CNVD-2011-1078
db:	CNVD	id:	CNVD-2011-1089
db:	CNVD	id:	CNVD-2011-1085
db:	CNVD	id:	CNVD-2011-1083
db:	CNVD	id:	CNVD-2011-1090
db:	CNVD	id:	CNVD-2011-1087
db:	CNVD	id:	CNVD-2011-1081
db:	CNVD	id:	CNVD-2011-1084

LAST UPDATE DATE

2024-09-15T23:13:40.367000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-1086	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1078	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1089	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1085	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1083	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1090	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1087	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1081	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1084	date:	2011-03-15T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	d10c1f4c-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	cfb685ec-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	d2473478-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	dcc32308-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	db50ddd0-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	d3fbf61e-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	d5a6c462-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	dfb80812-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	IVD	id:	d8810ba2-1f9b-11e6-abef-000c29c66e3d	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1086	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1078	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1089	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1085	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1083	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1090	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1087	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1081	date:	2011-03-15T00:00:00
db:	CNVD	id:	CNVD-2011-1084	date:	2011-03-15T00:00:00