CVE-2019-0285

CRITICAL

SAP Crystal Reports - Cleartext Storage

Title source: rule

Description

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

Exploits (1)

exploitdb WRITEUP

by Mohamed M.Fouad · textwebappsmultiple

https://www.exploit-db.com/exploits/47061

View Code ZIP pw:eip

References (3)

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/2687663

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html

Scores

CVSS v3 9.8

EPSS 0.0728

EPSS Percentile 91.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-312

Status published

Products (1)

sap/crystal_reports 2010

Published Apr 10, 2019

Tracked Since Feb 18, 2026