Description
Crystal Reports, when displaying data for a password-protected database using HTML pages, embeds the username and password in cleartext in the HTML page and the URL, which allows remote attackers to obtain passwords.
Products
- BusinessObjects Crystal Reports
- BusinessObjects Crystal Reports 10.0.0.53327
- BusinessObjects Crystal Reports 10.0
- BusinessObjects Crystal Reports 12.3.1.684
- BusinessObjects Crystal Reports 7.0
- BusinessObjects Crystal Reports 8.5.0.2176
- BusinessObjects Crystal Reports 9.0
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-1464, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-1464 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References