PT-2001-2555 · Sap · Crystal Reports

Published

2001-01-10

Updated

2017-07-11

CVE-2001-1464

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Crystal Reports (affected versions not specified)

Description The issue allows remote attackers to obtain passwords when Crystal Reports displays data for a password-protected database using HTML pages. This occurs because the username and password are embedded in cleartext in the HTML page and the URL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1464

Affected Products

Crystal Reports

PT-2001-2555 · Sap · Crystal Reports

CVE-2001-1464

Related Identifiers

Affected Products

References · 3