ID

VAR-201112-0274


CVE

CVE-2011-4805


TITLE

SAP Crystal Report Server 2008 'pubDBLogon.jsp' Cross-Site Scripting Vulnerability

Trust: 0.8

sources: IVD: 54741eca-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3708

DESCRIPTION

Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter. SAP Crystal Reports Server 2008 is a comprehensive reporting solution that creates, manages, and delivers reports online or embedded in enterprise applications. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 2.61

sources: NVD: CVE-2011-4805 // JVNDB: JVNDB-2011-003371 // CNVD: CNVD-2011-3708 // BID: 49656 // IVD: 54741eca-1f88-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 54741eca-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3708

AFFECTED PRODUCTS

vendor:sapmodel:crystal reports serverscope:eqversion:2008

Trust: 2.2

vendor:sapmodel:crystal report serverscope:eqversion:2008

Trust: 0.8

vendor:sapmodel:crystal reports serverscope:eqversion:20080

Trust: 0.3

vendor:crystal reports servermodel: - scope:eqversion:2008

Trust: 0.2

sources: IVD: 54741eca-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3708 // BID: 49656 // JVNDB: JVNDB-2011-003371 // CNNVD: CNNVD-201112-217 // NVD: CVE-2011-4805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4805
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4805
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201112-217
value: MEDIUM

Trust: 0.6

IVD: 54741eca-1f88-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4805
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 54741eca-1f88-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 54741eca-1f88-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003371 // CNNVD: CNNVD-201112-217 // NVD: CVE-2011-4805

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2011-003371 // NVD: CVE-2011-4805

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201109-280 // CNNVD: CNNVD-201112-217

TYPE

XSS

Trust: 1.2

sources: CNNVD: CNNVD-201109-280 // CNNVD: CNNVD-201112-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003371

PATCH

title:Top Pageurl:http://www.sap.com/

Trust: 0.8

title:Patch for SAP Crystal Report Server 2008 'pubDBLogon.jsp' Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/5108

Trust: 0.6

sources: CNVD: CNVD-2011-3708 // JVNDB: JVNDB-2011-003371

EXTERNAL IDS

db:NVDid:CVE-2011-4805

Trust: 2.9

db:BIDid:49656

Trust: 1.5

db:CNVDid:CNVD-2011-3708

Trust: 0.8

db:CNNVDid:CNNVD-201112-217

Trust: 0.8

db:JVNDBid:JVNDB-2011-003371

Trust: 0.8

db:CNNVDid:CNNVD-201109-280

Trust: 0.6

db:BUGTRAQid:20111117 [DSECRG-11-033] SAP CRYSTAL REPORT SERVER PUBDBLOGON - LINKED ÕSS VULNERABILITY

Trust: 0.6

db:IVDid:54741ECA-1F88-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 54741eca-1f88-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-3708 // BID: 49656 // JVNDB: JVNDB-2011-003371 // CNNVD: CNNVD-201109-280 // CNNVD: CNNVD-201112-217 // NVD: CVE-2011-4805

REFERENCES

url:http://dsecrg.com/pages/vul/show.php?id=333

Trust: 2.5

url:https://service.sap.com/sap/support/notes/1562292

Trust: 1.9

url:http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a

Trust: 1.6

url:http://www.securityfocus.com/archive/1/520560/100/0/threaded

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4805

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4805

Trust: 0.8

url:http://www.securityfocus.com/bid/49656

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/520560/100/0/threaded

Trust: 0.6

url:http://www.sap.com/solutions/sap-crystal-solutions/query-reporting-analysis/sapcrystalreports/index.epx

Trust: 0.3

sources: CNVD: CNVD-2011-3708 // BID: 49656 // JVNDB: JVNDB-2011-003371 // CNNVD: CNNVD-201109-280 // CNNVD: CNNVD-201112-217 // NVD: CVE-2011-4805

CREDITS

Dmitriy Chastuchin, Digital Security Research Group

Trust: 0.9

sources: BID: 49656 // CNNVD: CNNVD-201109-280

SOURCES

db:IVDid:54741eca-1f88-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2011-3708
db:BIDid:49656
db:JVNDBid:JVNDB-2011-003371
db:CNNVDid:CNNVD-201109-280
db:CNNVDid:CNNVD-201112-217
db:NVDid:CVE-2011-4805

LAST UPDATE DATE

2024-08-14T14:14:38.342000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2011-3708date:2011-09-19T00:00:00
db:BIDid:49656date:2011-12-15T19:38:00
db:JVNDBid:JVNDB-2011-003371date:2011-12-16T00:00:00
db:CNNVDid:CNNVD-201109-280date:2011-09-20T00:00:00
db:CNNVDid:CNNVD-201112-217date:2011-12-14T00:00:00
db:NVDid:CVE-2011-4805date:2018-10-09T19:33:35.027

SOURCES RELEASE DATE

db:IVDid:54741eca-1f88-11e6-abef-000c29c66e3ddate:2011-09-19T00:00:00
db:CNVDid:CNVD-2011-3708date:2011-09-19T00:00:00
db:BIDid:49656date:2011-09-16T00:00:00
db:JVNDBid:JVNDB-2011-003371date:2011-12-16T00:00:00
db:CNNVDid:CNNVD-201109-280date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201112-217date:2011-12-14T00:00:00
db:NVDid:CVE-2011-4805date:2011-12-14T00:55:06.153