
CVE-2021-40500

CVE-2021-40500 PUBLISHED CVSS 7.5 HIGH

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

EPSS 1.21% · 79.3th percentile

Risk Scores

CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 1.21% (79.3th percentile)

Affected Products

Vendor | Product | Versions
SAP SE | SAP BusinessObjects Business Intelligence Platform (Crystal Reports) | < 420, < 430
sap | businessobjects_business_intelligence_platform | 4.20, 4.30

Timeline

  • Oct 12, 2021 CVE Published
  • Oct 13, 2021 EPSS Score
  • Dec 8, 2021 EPSS Score
  • Feb 3, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 31, 2022 EPSS Score
  • May 27, 2022 EPSS Score
  • Jul 23, 2022 EPSS Score
  • Sep 18, 2022 EPSS Score
  • Nov 13, 2022 EPSS Score
  • Mar 6, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score