cancel
Showing results for 
Search instead for 
Did you mean: 

Which service pack fixes CVE-2020-6208: Crystal Reports Local Code Execution Vulnerability ?

0 Kudos

Hi,

As per below links Crystal Reports has "CVE-2020-6208: SAP Crystal Reports Local Code Execution Vulnerability".

References:

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6208

CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-6208

Other: https://launchpad.support.sap.com/#/notes/2861301

Other: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

Where can I find if this vulnerability is fixed in Crystal Reports 2016 SP6 (v14.2.6.2839) or not? Please guide me to the release note of Crystal Reports 2016 SP6 (v14.2.6.2839) that shows the vulnerabilities and issues fixed. Or else provide the Service Pack / Version Number where it is fixed.

Accepted Solutions (0)

Answers (1)

Answers (1)

DellSC
Active Contributor
0 Kudos

Crystal 2016 was released with BOBJ 4.2. So, looking at the SAP Note that you reference above, the issue was not fixed until Patch 13 of Crystal 2016 SP6, Patch 8 of SP7, and the initial release of SP8.

-Dell