CVE-2018-2406
MEDIUM
SAP Crystal Reports Server 4.0-4.30 - Unquoted Search Path Vulnerability
Title source: llm
Description
Unquoted Windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path.
References (3)
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2560132
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Broken Link vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103719
Scores
CVSS v3
5.3
EPSS
0.0007
EPSS Percentile
21.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-428
Status
published
Products (4)
sap/crystal_reports_server
4.0
sap/crystal_reports_server
4.10
sap/crystal_reports_server
4.20
sap/crystal_reports_server
4.30
Published
Apr 10, 2018
Tracked Since
Feb 18, 2026