Two Buffer Overflow vulnerability status

Former Member
0 Kudos

We are using SAP Crystal Reports, developer version for Microsoft Visual Studio: Updates & Runtime Downloads - Support Pack 9 (v. 13.0.9.1312).

There was a vulnerability which was reported in SAP Crystal Reports version 2011 - SAP Crystal Reports - Two Buffer Overflow Vulnerabilities in BI-RA-CR - 1999142.

Is it fixed in Support Pack 9 (v. 13.0.9.1312)?

Accepted Solutions (1)

0 Kudos

Hi Manini,

SP 9 is old now and had issues with WEB applications. Upgrade to SP 13.

And that case number returns nothing, is it correct?

Don

Former Member
0 Kudos

Hi Don,

We are currently using SAP Crystal Reports, developer version for Microsoft Visual Studio: Updates & Runtime Downloads - Support Pack 9 (v. 13.0.9.1312). We are using the WPF control for a desktop application; we do not use it in a web application.

http://service.sap.com/sap/support/notes/1999142

I am attempting to access this URL (SAP) and a login dialog box appears which does not accept my credentials. HELP??

I just wanted to confirm with your team whether the Two Buffer Overflow Vulnerabilities are fixed in Support Pack 9 (v. 13.0.9.1312) or not.

Please tell me in which version this was fixed.

0 Kudos

Download SP 13 and test, we will not fix SP 9 so see if that gets past your error:

http://scn.sap.com/docs/DOC-7824

And that KBA is a different product, not a related issue.

Don

Former Member
0 Kudos

Hi Don,

We do not want to fix anything in previous versions. The Support Pack 9 (v. 13.0.9.1312) is working fine for us currently.

My simple question is: the version which we are using, i.e. Support Pack 9 (v. 13.0.9.1312), does it have the Two Buffer Overflow vulnerabilities (1999142)?

We are just making sure that the Support Pack 9 (v. 13.0.9.1312), even if it is old, should have any vulnerabilities?

Please confirm.

0 Kudos

Hi Manini,

Crystal Reports for Visual Studio SP 9 had serious WEB Application issues so you are better off moving to SP 13.

Unfortunately I can't say for sure if that fix made it into SP 9. I doubt it because those patches were released after CR for VS SP 9, so likely CR for VS may have the issue. But it depends on a lot of things.

The KBA refers to BOE which is not the same code stream as CR for VS, they are not linked together. So I doubt it was an issue but nothing I have seen in the KBA links indicated that specific KBA fix was checked into CR for VS code stream.

And BI-RA-CR is the standalone CR Designer, it is not the same code stream as this product.

The info does say exactly what was fixed so I can't say for sure.

If you really want to know, purchase a single case or log into SMP and create an Incident and we can escalate it to DEV to confirm or not.

If it was I would have seen BI-DEV-NET listed in the affected/patched Components and it is not. Therefore I suspect it should not have affected this product.

Don

Answers (0)