CVE-2004-0204 : Directory traversal vulnerability in the web viewers for Business Objects Crysta

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Published 2004-08-06 04:00:00

Updated 2018-10-12 21:34:12

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2004-0204

Microsoft » Outlook » Version: 2003 Business Contact Manager Edition
cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*
Matching versions
Microsoft » Business Solutions Crm » Version: 1.2
cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio .net » Version: 2003 Update Gold
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Express Edition
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Win32 Edition
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP1 Win32 Edition
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP2
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP2 Express Edition
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP2 Win32 Edition
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP1
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1 Update SP1 Express Edition
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
Matching versions
BEA » Weblogic Server » Version: 8.1
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
Matching versions
Borland Software » J Builder
cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Reports » Version: 10
cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Reports » Version: 9
cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Enterprise » Version: 10
cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Enterprise » Version: 9
cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Enterprise Java Sdk » Version: 8.5
cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*
Matching versions
Businessobjects » Crystal Enterprise Ras » Version: 8.5 Unix Edition
cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2004-0204

EPSS FAQ

80.79%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2004-0204

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2004-0204

Jump to

Vulnerability Details : CVE-2004-0204

Products affected by CVE-2004-0204

Exploit prediction scoring system (EPSS) score for CVE-2004-0204

CVSS scores for CVE-2004-0204

References for CVE-2004-0204