ID

VAR-201904-1088


CVE

CVE-2019-0285


TITLE

Visual Studio for SAP Crystal Reports Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-003335

DESCRIPTION

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information, including credentials, which can be misused by an attacker. SAP Crystal Reports is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

Trust: 1.98

sources: NVD: CVE-2019-0285 // JVNDB: JVNDB-2019-003335 // BID: 107829 // VULMON: CVE-2019-0285

AFFECTED PRODUCTS

vendor: sap // model: crystal reports // scope: eq // version: 2010

Trust: 1.8

vendor: sap // model: crystal reports for visual studio // scope: eq // version: 20100

Trust: 0.3

sources: BID: 107829 // JVNDB: JVNDB-2019-003335 // NVD: CVE-2019-0285

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-0285
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-0285
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-471
value: CRITICAL

Trust: 0.6

VULMON: CVE-2019-0285
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-0285
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2019-0285
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2019-0285 // JVNDB: JVNDB-2019-003335 // CNNVD: CNNVD-201904-471 // NVD: CVE-2019-0285

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2019-003335 // NVD: CVE-2019-0285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-471

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201904-471

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003335

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-0285

PATCH

title: SAP Security Patch Day - April 2019 // url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Trust: 0.8

title: SAP Crystal Reports for Visual Studio Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91299

Trust: 0.6

sources: JVNDB: JVNDB-2019-003335 // CNNVD: CNNVD-201904-471

EXTERNAL IDS

db: NVD // id: CVE-2019-0285

Trust: 2.8

db: PACKETSTORM // id: 153471

Trust: 1.7

db: BID // id: 107829

Trust: 1.0

db: JVNDB // id: JVNDB-2019-003335

Trust: 0.8

db: EXPLOIT-DB // id: 47061

Trust: 0.7

db: CNNVD // id: CNNVD-201904-471

Trust: 0.6

db: VULMON // id: CVE-2019-0285

Trust: 0.1

sources: VULMON: CVE-2019-0285 // BID: 107829 // JVNDB: JVNDB-2019-003335 // CNNVD: CNNVD-201904-471 // NVD: CVE-2019-0285

REFERENCES

url:http://packetstormsecurity.com/files/153471/sap-crystal-reports-information-disclosure.html

Trust: 2.3

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=517899114

Trust: 2.0

url:https://launchpad.support.sap.com/#/notes/2687663

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-0285

Trust: 1.4

url:http://www.sap.com

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0285

Trust: 0.8

url:https://www.securityfocus.com/bid/107829

Trust: 0.7

url:https://www.exploit-db.com/exploits/47061

Trust: 0.7

url:https://vigilance.fr/vulnerability/sap-multiples-vulnerabilities-of-april-2019-28982

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/312.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2019-0285 // BID: 107829 // JVNDB: JVNDB-2019-003335 // CNNVD: CNNVD-201904-471 // NVD: CVE-2019-0285

CREDITS

The vendor reported the issue. // Mohamed M. Fouad

Trust: 0.6

sources: CNNVD: CNNVD-201904-471

SOURCES

db: VULMON // id: CVE-2019-0285
db: BID // id: 107829
db: JVNDB // id: JVNDB-2019-003335
db: CNNVD // id: CNNVD-201904-471
db: NVD // id: CVE-2019-0285

LAST UPDATE DATE

2024-11-23T22:51:49.895000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2019-0285 // date: 2020-08-24T00:00:00
db: BID // id: 107829 // date: 2019-04-09T00:00:00
db: JVNDB // id: JVNDB-2019-003335 // date: 2019-05-15T00:00:00
db: CNNVD // id: CNNVD-201904-471 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2019-0285 // date: 2024-11-21T04:16:38.377

SOURCES RELEASE DATE

db: VULMON // id: CVE-2019-0285 // date: 2019-04-10T00:00:00
db: BID // id: 107829 // date: 2019-04-09T00:00:00
db: JVNDB // id: JVNDB-2019-003335 // date: 2019-05-15T00:00:00
db: CNNVD // id: CNNVD-201904-471 // date: 2019-04-09T00:00:00
db: NVD // id: CVE-2019-0285 // date: 2019-04-10T21:29:01.417