cnvd - cnvd-2020-04342

cnvd-2020-04342

Vulnerability from cnvd

Title: SAP Crystal Reports for Visual Studio信息泄露漏洞

Description:

SAP Crystal Reports for Visual Studio是德国思爱普（SAP）公司的一套适用于Visual Studio开发平台的Crystal报表设计软件。

SAP Crystal Reports for Visual Studio存在信息泄露漏洞，该漏洞源于网络系统或产品在运行过程中存在配置等错误。攻击者可利用该漏洞获取受影响组件敏感信息。

Severity: 中

Patch Name: SAP Crystal Reports for Visual Studio信息泄露漏洞的补丁

Patch Description:

SAP Crystal Reports for Visual Studio是德国思爱普（SAP）公司的一套适用于Visual Studio开发平台的Crystal报表设计软件。

SAP Crystal Reports for Visual Studio存在信息泄露漏洞，该漏洞源于网络系统或产品在运行过程中存在配置等错误。攻击者可利用该漏洞获取受影响组件敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-0285

Impacted products

Name
SAP Crystal Reports for Visual Studio 2010

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0285",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0285"
    }
  },
  "description": "SAP Crystal Reports for Visual Studio\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8eVisual Studio\u5f00\u53d1\u5e73\u53f0\u7684Crystal\u62a5\u8868\u8bbe\u8ba1\u8f6f\u4ef6\u3002\n\nSAP Crystal Reports for Visual Studio\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04342",
  "openTime": "2020-02-08",
  "patchDescription": "SAP Crystal Reports for Visual Studio\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9002\u7528\u4e8eVisual Studio\u5f00\u53d1\u5e73\u53f0\u7684Crystal\u62a5\u8868\u8bbe\u8ba1\u8f6f\u4ef6\u3002\r\n\r\nSAP Crystal Reports for Visual Studio\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Crystal Reports for Visual Studio\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SAP Crystal Reports for Visual Studio 2010"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-0285",
  "serverity": "\u4e2d",
  "submitTime": "2019-04-11",
  "title": "SAP Crystal Reports for Visual Studio\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2019-0285 (GCVE-0-2019-0285)

Vulnerability from cvelistv5

Published

2019-04-10 20:26

Modified

2024-08-04 17:44

Severity ?

CWE

Information Disclosure

Summary

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

References

▼	URL	Tags
	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114	x_refsource_CONFIRM
	https://launchpad.support.sap.com/#/notes/2687663	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP Crystal Reports for Visual Studio	Version: < 2010

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:16.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2687663"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Crystal Reports for Visual Studio",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2010"
            }
          ]
        }
      ],
      "datePublic": "2019-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-01T17:06:09",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2687663"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2019-0285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Crystal Reports for Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "2010"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114",
              "refsource": "CONFIRM",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2687663",
              "refsource": "CONFIRM",
              "url": "https://launchpad.support.sap.com/#/notes/2687663"
            },
            {
              "name": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/153471/SAP-Crystal-Reports-Information-Disclosure.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2019-0285",
    "datePublished": "2019-04-10T20:26:59",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:44:16.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted