CVE-2021-40500: CVE-2021-40500

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-40500

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

XML外部实体引用的不恰当限制(XXE)

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP BusinessObjects Business Intelligence Platform和SAP BusinessObjects Business Intelligence Platform 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP BusinessObjects Business Intelligence Platform是德国思爱普（SAP）公司的一款完备的商务分析平台。该平台集市场领先的 SAP 数据整合产品、数据管理产品和商务智能 (BI) 产品于一身，可消除系统集成难题，快速、轻松地部署高性能的商务分析软件。 SAP BusinessObjects Business Intelligence Platform存在代码问题漏洞，该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP SE	SAP BusinessObjects Business Intelligence Platform (Crystal Reports)	< 420	-

II. Public POCs for CVE-2021-40500

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-40500

Please Login to view more intelligence information

https://launchpad.support.sap.com/#/notes/3074693x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-40500

IV. Related Vulnerabilities

Same vendor: SAP SE

Same weakness: CWE-611

V. Comments for CVE-2021-40500

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-40500

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-40500

III. Intelligence Information for CVE-2021-40500

IV. Related Vulnerabilities

V. Comments for CVE-2021-40500

Leave a comment