on 02-25-2015 12:21 PM
We are using SAP Crystal Reports, developer version for Microsoft Visual Studio: Updates & Runtime Downloads - Support Pack 9 (v. 13.0.9.1312)
There was vulnerability which reported in SAP Crystal Reports version 2011 -SAP Crystal Reports - Two Buffer Overflow Vulnerabilities in BI-RA-CR - 1999142.
Is it fixed in support Pack 9 (v. 13.0.9.1312) ?
Hi Manini,
SP 9 is old now and had issues with WEB applications. Upgrade to SP 13
And that case number returns nothing, is it correct?
Don
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Don,
We are currently using SAP Crystal Reports, developer version for Microsoft Visual Studio: Updates & Runtime Downloads - Support Pack 9 (v. 13.0.9.1312). We are using the WPF control for desktop application , we do not use it in web application.
http://service.sap.com/sap/support/notes/1999142
I am attempting to access this URL (SAP) and login dialog box appears which does not accept my credentials. HELP??
I just wanted to confirm with your team , whether the Two Buffer Overflow Vulnerabilities fixed in Support Pack 9 (v. 13.0.9.1312) or not?
Please tell me in which version this was fixed?
Download SP 13 and test, we will not fix SP 9 so see if that gets past your error:
http://scn.sap.com/docs/DOC-7824
And that KBA is a different product, not related issue.
Don
Hi Don,
We do not want to fix anything in previous versions. The Support Pack 9 (v. 13.0.9.1312) is working fine for us currently.
My simple question is , the version which we are using i.e. Support Pack 9 (v. 13.0.9.1312)
does is it have the Vulnerabilities Two Buffer Overflow(1999142) ?
We are just making sure that the Support Pack 9 (v. 13.0.9.1312) even if it is old should have any Vulnerabilities ?
Please confirm.
Hi Manini,
Crystal Reports for Visual Studio SP 9 had serious WEB Application issues so you are better off moving to SP 13.
Unfortunately I can't say for sure if that fix made it into SP 9. I doubt it because those patches were released after CR for VS SP 9 so likely CR for VS may have the issue. But it depends on a lot of things
The KBA refers to BOE which is not the same code stream as CR for VS, they are not linked together. So I doubt it was an issue but nothing I have seen in the KBA links indicated that specific KBA fix was checked into CR for VS code stream.
And BI-RA-CR is the standalone CR Designer, it is not the same code stream and this product.
The info does say exactly what was fixed so I can't say for sure.
If you really want to know purchase a single case or log into SMP and create and Incident and we can escalate it to DEV to confirm or not.
If it was I would have seen BI-DEV-NET listed in the affected/patched Components and it is not. Therefore I suspect it should not have affected this product.
Don
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.