PT-2018-15537 · SAP · Crystal Reports Server

Published 2018-04-10 · Updated 2019-10-09 · CVE-2018-2406

CVSS v3.1: 5.3 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Crystal Reports Server, OEM Edition (CRSE) versions 4.0 through 4.30

Description

The issue concerns an unquoted Windows search path, also known as a directory/path traversal vulnerability, in the startup path of the affected software.

Recommendations

For Crystal Reports Server, OEM Edition (CRSE) versions 4.0 through 4.30, update the startup path to properly quote the directory to prevent path traversal attacks.

Fix

Weakness Enumeration

Related Identifiers

CVE-2018-2406

Affected Products

Crystal Reports Server