SB2019041050 - Information disclosure in SAP Crystal Reports




Published: April 10, 2019 Updated: August 8, 2020

Security Bulletin ID SB2019041050
Severity High
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Information disclosure (CVE-ID: CVE-2019-0285)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information, including credentials, which can be misused by the attacker.


Remediation

Install the update from the vendor's website.