Skip to Content

Which service pack fixes CVE-2018-2427: Remote Code Execution Vulnerability?

Hi,

As per below links Crystal Reports has "CVE-2018-2427: SAP BusinessObjects and Crystal Reports Remote Code Execution Vulnerability".

References:

CVE, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2427

CVE, http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2427

Other, https://launchpad.support.sap.com//notes/2620738

Other, https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

Where can I find if this vunerability is fixed in Crystal Reports 2016 SP6 (v14.2.6.2839) or not? Please guide me to the release note of Crystal Reports 2016 SP6 (v14.2.6.2839) that shows the vulnerabilities and issues fixed.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Oct 24, 2019 at 06:12 PM

    According to SAP Note 2620738 - [CVE-2018-2427] Code Injection vulnerability in SAP CrystalReports

    fixed in

    Crystal Reports for VS SP23

    Crystal Reports 2013 SP9 Patch12, SP10 Patch6, SP11 Patch1 or SP12

    Crystal Reports 2016 SP4 Patch8, SP5 Patch 3 or SP6

    so it fixed in

    Crystal Reports 2016 SP6

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.