|
Description
|
|
Multiple vulnerabilities have been identified in SAP Crystal Reports, which could be exploited by attackers to manipulate or obtain certain information, cause a denial of service or execute arbitrary commands.
The first issue is caused by input validation errors in the "InfoViewApp/jsp/common/actionNav.jsp", "InfoViewApp/jsp/common/error.jsp" and "InfoViewApp/logon.jsp" scripts when processing the "actId", "backUrl" and "logonAction" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected site.
The second vulnerability is caused by design errors in the "scriptinghelpers.dll" ActiveX control which includes the insecure methods "CreateTextFile()", "LaunchProgram()", "DeleteFile()" and "Kill()", which could allow attackers to create, overwrite, or delete arbitrary files, kill processes, or execute arbitrary commands via a malicious web page.
The third issue is caused by an input validation error in the "PerformanceManagement/jsp/qa.jsp" script when handling the "path" parameter, which could allow directory traversal attacks.
|
