Vulnerability Description
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Crystal Reports | 2010 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disc
- https://launchpad.support.sap.com/#/notes/2687663Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114Vendor Advisory
- http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disc
- https://launchpad.support.sap.com/#/notes/2687663Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114Vendor Advisory
FAQ
What is CVE-2019-0285?
CVE-2019-0285 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
How severe is CVE-2019-0285?
CVE-2019-0285 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-0285?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Crystal Reports.