漏洞标题
N/A
漏洞描述信息
SAP商业对象商业智能平台(Crystal Reports)版本4.1和4.2,允许具有基本授权的攻者 inject代码,该代码可以被应用程序执行,从而允许攻者控制应用程序的行为,导致远程代码执行。尽管攻击方式仅属于本地,但由于漏洞的影响,多个应用程序可能会被影响。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
SAP Business Objects Business Intelligence Platform 代码注入漏洞
漏洞描述信息
SAP Business Objects Business Intelligence Platform是德国思爱普(SAP)公司的一套商业智能软件和企业绩效解决方案套件。该产品具有报告生成、分析和数据可视化等功能。 SAP Business Objects Business Intelligence Platform (Crystal Reports) 4.1版本和4.2版本中存在安全漏洞。攻击者可利用该漏洞注入代码,控制程序的运行。
CVSS信息
N/A
漏洞类别
代码注入