ID

VAR-201103-0371


TITLE

SAP Crystal Reports Server Parameter input vulnerability

Trust: 0.8

sources: IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1089

DESCRIPTION

SAP Crystal Reports Server is a complete reporting solution for creating, managing, and delivering reports through the web or embedded enterprise applications. There is an input validation error in SAP Crystal Reports Server. The input passed to aa-open-inlist.jsp via the \"url\", \"sWindow\", \"BEGIN_DATE\", \"END_DATE\", \"CURRENT_DATE\" and \"CURRENT_SLICE\" parameters is missing before returning to the user. Filtering can lead to cross-site scripting attacks

Trust: 6.48

sources: CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1084 // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 7.2

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1084

AFFECTED PRODUCTS

vendor:sapmodel:crystal reports serverscope:eqversion:2008

Trust: 7.2

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1084

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: d2473478-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: d2473478-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d

TYPE

Input validation error

Trust: 1.6

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d

PATCH

title:Patch for SAP Crystal Reports Server \"analyticToken\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3290

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"backURL\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3283

Trust: 0.6

title:Patch for SAP Crystal Reports Server Parameter Input Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3292

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"Sel\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3289

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"pagePos\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3285

Trust: 0.6

title:Patch for SAP Crystal Reports Server Multiple Parameter Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3287

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"DocName\" and \"Label\" parameter vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/3293

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"defTar\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3291

Trust: 0.6

title:Patch for SAP Crystal Reports Server \"swf\" parameter vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/3288

Trust: 0.6

sources: CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1084

EXTERNAL IDS

db:BIDid:46855

Trust: 5.4

db:SECUNIAid:43723

Trust: 5.4

db:CNVDid:CNVD-2011-1086

Trust: 0.8

db:CNVDid:CNVD-2011-1087

Trust: 0.8

db:CNVDid:CNVD-2011-1085

Trust: 0.8

db:CNVDid:CNVD-2011-1089

Trust: 0.8

db:CNVDid:CNVD-2011-1090

Trust: 0.8

db:CNVDid:CNVD-2011-1084

Trust: 0.8

db:CNVDid:CNVD-2011-1083

Trust: 0.8

db:CNVDid:CNVD-2011-1078

Trust: 0.8

db:CNVDid:CNVD-2011-1080

Trust: 0.8

db:IVDid:D10C1F4C-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:CFB685EC-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:D2473478-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:DCC32308-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:DB50DDD0-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:D3FBF61E-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:D5A6C462-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:DFB80812-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:IVDid:D9FF9D18-1F9B-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: d10c1f4c-1f9b-11e6-abef-000c29c66e3d // IVD: cfb685ec-1f9b-11e6-abef-000c29c66e3d // IVD: d2473478-1f9b-11e6-abef-000c29c66e3d // IVD: dcc32308-1f9b-11e6-abef-000c29c66e3d // IVD: db50ddd0-1f9b-11e6-abef-000c29c66e3d // IVD: d3fbf61e-1f9b-11e6-abef-000c29c66e3d // IVD: d5a6c462-1f9b-11e6-abef-000c29c66e3d // IVD: dfb80812-1f9b-11e6-abef-000c29c66e3d // IVD: d9ff9d18-1f9b-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1084

REFERENCES

url:http://secunia.com/advisories/43723/http

Trust: 5.4

sources: CNVD: CNVD-2011-1086 // CNVD: CNVD-2011-1078 // CNVD: CNVD-2011-1089 // CNVD: CNVD-2011-1085 // CNVD: CNVD-2011-1080 // CNVD: CNVD-2011-1083 // CNVD: CNVD-2011-1090 // CNVD: CNVD-2011-1087 // CNVD: CNVD-2011-1084

SOURCES

db:IVDid:d10c1f4c-1f9b-11e6-abef-000c29c66e3d
db:IVDid:cfb685ec-1f9b-11e6-abef-000c29c66e3d
db:IVDid:d2473478-1f9b-11e6-abef-000c29c66e3d
db:IVDid:dcc32308-1f9b-11e6-abef-000c29c66e3d
db:IVDid:db50ddd0-1f9b-11e6-abef-000c29c66e3d
db:IVDid:d3fbf61e-1f9b-11e6-abef-000c29c66e3d
db:IVDid:d5a6c462-1f9b-11e6-abef-000c29c66e3d
db:IVDid:dfb80812-1f9b-11e6-abef-000c29c66e3d
db:IVDid:d9ff9d18-1f9b-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-1086
db:CNVDid:CNVD-2011-1078
db:CNVDid:CNVD-2011-1089
db:CNVDid:CNVD-2011-1085
db:CNVDid:CNVD-2011-1080
db:CNVDid:CNVD-2011-1083
db:CNVDid:CNVD-2011-1090
db:CNVDid:CNVD-2011-1087
db:CNVDid:CNVD-2011-1084

LAST UPDATE DATE

2024-12-10T23:01:49.737000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-1086date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1078date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1089date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1085date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1080date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1083date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1090date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1087date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1084date:2011-03-15T00:00:00

SOURCES RELEASE DATE

db:IVDid:d10c1f4c-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:cfb685ec-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:d2473478-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:dcc32308-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:db50ddd0-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:d3fbf61e-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:d5a6c462-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:dfb80812-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:IVDid:d9ff9d18-1f9b-11e6-abef-000c29c66e3ddate:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1086date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1078date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1089date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1085date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1080date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1083date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1090date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1087date:2011-03-15T00:00:00
db:CNVDid:CNVD-2011-1084date:2011-03-15T00:00:00