CyberSec.Space Logo
Back to CVE Browser

CVE-2009-3346

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1530%
EPSS Percentile5.43th
PublishedSep 24, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

Affected Platforms (CPE)

πŸ“¦
Sap

Crystal Reports Server

= 2008

References & Advisories

πŸ”— http://intevydis.com/vd-list.shtml
πŸ”— http://secunia.com/advisories/36583
πŸ”— http://www.securityfocus.com/bid/36267
πŸ”— http://intevydis.com/vd-list.shtml
πŸ”— http://secunia.com/advisories/36583
πŸ”— http://www.securityfocus.com/bid/36267

Related Vulnerabilities

CVE-2009-334510.0

Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain ...

CVE-2020-268319.6

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities d...

CVE-2021-405007.5

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex...

CVE-2006-27186.5

JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal ...