Lucene search

[email protected]CVE-2004-0204

HistoryAug 06, 2004 - 4:00 a.m.

CVE-2004-0204

2004-08-0604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0204

directory traversal

web viewer

business objects

crystal reports

crystal enterprise

visual studio .net

outlook 2003

security vulnerability

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via “…” sequences in the dynamicimag argument to crystalimagehandler.aspx.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic servereq8.1
microsoft:visual_studio_.netmicrosoft visual studio .neteq2003
microsoft:outlookmicrosoft outlookeq2003
businessobjects:crystal_reportsbusinessobjects crystal reportseq9
microsoft:business_solutions_crmmicrosoft business solutions crmeq1.2
borland_software:j_builderborland software j buildereq*
businessobjects:crystal_enterprisebusinessobjects crystal enterpriseeq9
businessobjects:crystal_enterprisebusinessobjects crystal enterpriseeq10
businessobjects:crystal_reportsbusinessobjects crystal reportseq10
businessobjects:crystal_enterprise_rasbusinessobjects crystal enterprise raseq8.5

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	eq	8.1
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2003
microsoft:outlook	microsoft outlook	eq	2003
businessobjects:crystal_reports	businessobjects crystal reports	eq	9
microsoft:business_solutions_crm	microsoft business solutions crm	eq	1.2
borland_software:j_builder	borland software j builder	eq	*
businessobjects:crystal_enterprise	businessobjects crystal enterprise	eq	9
businessobjects:crystal_enterprise	businessobjects crystal enterprise	eq	10
businessobjects:crystal_reports	businessobjects crystal reports	eq	10
businessobjects:crystal_enterprise_ras	businessobjects crystal enterprise ras	eq	8.5

Rows per page:

1-10 of 111

References

marc.info/?l=bugtraq&m=108360413811017&w=2

marc.info/?l=bugtraq&m=108671836127360&w=2

secunia.com/advisories/11800

support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

www.osvdb.org/6748

www.securityfocus.com/bid/10260

docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017

exchange.xforce.ibmcloud.com/vulnerabilities/16044

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

6.9 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.965 High

EPSS

Percentile

99.6%

JSON

Related for CVE-2004-0204

securityvulns1 nessus1 openvas1