7.5

CVE-2004-0204

Exploit

EPSS 77.62%
Published 06.08.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Bea ≫ Weblogic Server Version8.1

Bea ≫ Weblogic Server Version8.1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Editionwin32

Bea ≫ Weblogic Server Version8.1 Updatesp1

Bea ≫ Weblogic Server Version8.1 Updatesp1 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp1 Editionwin32

Bea ≫ Weblogic Server Version8.1 Updatesp2

Bea ≫ Weblogic Server Version8.1 Updatesp2 Editionexpress

Bea ≫ Weblogic Server Version8.1 Updatesp2 Editionwin32

Borland Software ≫ J Builder

Businessobjects ≫ Crystal Enterprise Version9

Businessobjects ≫ Crystal Enterprise Version10

Businessobjects ≫ Crystal Enterprise Java Sdk Version8.5

Businessobjects ≫ Crystal Enterprise Ras Version8.5 Editionunix

Businessobjects ≫ Crystal Reports Version9

Businessobjects ≫ Crystal Reports Version10

Microsoft ≫ Business Solutions Crm Version1.2

Microsoft ≫ Outlook Version2003 Editionbusiness_contact_manager

Microsoft ≫ Visual Studio .Net Version2003 Updategold

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	77.62%	0.989

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=108360413811017&w=2

http://marc.info/?l=bugtraq&m=108671836127360&w=2

http://secunia.com/advisories/11800

http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

http://www.osvdb.org/6748

http://www.securityfocus.com/bid/10260

Patch

Vendor Advisory

Exploit

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017

https://exchange.xforce.ibmcloud.com/vulnerabilities/16044

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

https://nvd.nist.gov/vuln/detail/CVE-2004-0204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0204

EUVD