cvedb.io
CVE-2021-40500
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-10-12T15:15:09.770 · Last modified 2026-06-17T04:07:03.060

Summary

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

Affected products

sap — businessobjects_business_intelligence_platform

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.