CVE-2018-2406 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
sap	CNA	5.3 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 21%

Vendor	Product	Version
sap	crystal_reports_server	4.0
sap	crystal_reports_server	4.10
sap	crystal_reports_server	4.20
sap	crystal_reports_server	4.30

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-428 - Unquoted Search Path or Element
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

References

http://www.securityfocus.com/bid/103719

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

https://launchpad.support.sap.com/#/notes/2560132

http://www.securityfocus.com/bid/103719

https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/

https://launchpad.support.sap.com/#/notes/2560132