This page lists publicly disclosed CVE vulnerabilities affecting sap crystal_reports (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-6208 | SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability. | [email protected] | 8.2 | 1.14% | 2020-03-10 | 2024-11-21 |
| CVE-2019-0285 | The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker. | [email protected] | 9.8 | 6.61% | 2019-04-10 | 2024-11-21 |
| CVE-2018-2427 | SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application. | [email protected] | 8.8 | 1.73% | 2018-07-10 | 2024-11-21 |
| CVE-2014-5506 | Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. | [email protected] | 6.8 | 3.06% | 2014-09-04 | 2026-05-06 |
| CVE-2014-5505 | Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. | [email protected] | 6.8 | 3.81% | 2014-09-04 | 2026-05-06 |
| CVE-2010-2590 | Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value. | [email protected] | 9.3 | 46.78% | 2010-12-22 | 2026-04-29 |
| CVE-2010-3032 | Integer overflow in the OBGIOPServerWorker::extractHeader function in the ebus-3-3-2-6.dll module in SAP Crystal Reports 2008 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GIOP packet with a crafted size, which triggers a heap-based buffer overflow. | [email protected] | 10.0 | 6.43% | 2010-08-17 | 2026-04-29 |