6.9 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.965 High
EPSS
Percentile
99.6%
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via “…” sequences in the dynamicimag argument to crystalimagehandler.aspx.
marc.info/?l=bugtraq&m=108360413811017&w=2
marc.info/?l=bugtraq&m=108671836127360&w=2
secunia.com/advisories/11800
support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
www.osvdb.org/6748
www.securityfocus.com/bid/10260
docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
exchange.xforce.ibmcloud.com/vulnerabilities/16044
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157