cancel
Showing results for 
Search instead for 
Did you mean: 

Which service pack fixes CVE-2018-2427: Remote Code Execution Vulnerability?

0 Kudos

Hi,

As per below links Crystal Reports has "CVE-2018-2427: SAP BusinessObjects and Crystal Reports Remote Code Execution Vulnerability".

References:

CVE, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2427

CVE, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2427

Other, https://launchpad.support.sap.com//notes/2620738

Other, https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Where can I find if this vunerability is fixed in Crystal Reports 2016 SP6 (v14.2.6.2839) or not? Please guide me to the release note of Crystal Reports 2016 SP6 (v14.2.6.2839) that shows the vulnerabilities and issues fixed.

Accepted Solutions (0)

Answers (1)

Answers (1)

vitaly_izmaylov
Employee
Employee
0 Kudos

According to SAP Note 2620738 - [CVE-2018-2427] Code Injection vulnerability in SAP CrystalReports

fixed in

Crystal Reports for VS SP23

Crystal Reports 2013 SP9 Patch12, SP10 Patch6, SP11 Patch1 or SP12

Crystal Reports 2016 SP4 Patch8, SP5 Patch 3 or SP6

so it fixed in

Crystal Reports 2016 SP6