Lucene search

[email protected]CVE-2001-1464

HistoryApr 21, 2005 - 4:00 a.m.

CVE-2001-1464

2005-04-2104:00:00

[email protected]

web.nvd.nist.gov

crystal reports

password protection

data security

html

cve-2001-1464

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.0%

JSON

Crystal Reports, when displaying data for a password protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.

Affected configurations

NVD

Node

businessobjectscrystal_reports

CPENameOperatorVersion
businessobjects:crystal_reportsbusinessobjects crystal reportseq*

CPE	Name	Operator	Version
businessobjects:crystal_reports	businessobjects crystal reports	eq	*

References

www.kb.cert.org/vuls/id/403307

exchange.xforce.ibmcloud.com/vulnerabilities/7928

7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2001-1464

cvelist1 nvd1