topic Vulernabilities in Application Development and Automation Discussions https://community.sap.com/t5/application-development-and-automation-discussions/vulernabilities/m-p/12198809#M1981581 <P>Is there a version of the crystal reports runtime installer that addresses the following vulnerabilities:</P> <UL> <LI>1.Vulnerabilities exist because CRRuntime installs IIS to the root of C:\. This is considered a high vulnerability. </LI> <LI>This can be found in the following locations within the application:</LI> <LI>C:\inetpub</LI> <LI>2.Vulnerabilities exist because CRRuntime installs an <STRONG>unknown version of libcurl</STRONG> which may contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <LI><A href="https://www.cvedetails.com/vulnerability-list/vendor_id-12682/product_id-25085/Haxx-Libcurl.html" target="test_blank">https://www.cvedetails.com/vulnerability-list/vendor_id-12682/product_id-25085/Haxx-Libcurl.html</A> </LI> </UL> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libcurl.dll </LI> <LI>3.Vulnerabilities exist because CRRuntime installs libssh2 version 1.4.3 which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> </UL> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-15300/product_id-31293/Libssh2-Libssh2.html">https://www.cvedetails.com/vulnerability-list/vendor_id-15300/product_id-31293/Libssh2-Libssh2.html</A> <BR /> <UL> <LI>This can be found in the following location within the application:c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libssh2.dll</LI> </UL> <LI>4.Vulnerabilities exist because CRRuntime installs openssl version 1.0.2h which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html">https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html</A> <BR /> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\ssleaym32.dll</LI> </UL> <LI>5.Vulnerabilities exist because Arena Simulation version 16.x installs xercex version 3.1.4 which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/Apache-Xerces-c.html">https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/Apache-Xerces-c.html</A> <BR /> <BR /> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\xerces-c_3_1.dll</LI> </UL> <BR /> Mon, 16 Mar 2020 14:35:25 GMT Former Member 2020-03-16T14:35:25Z Vulernabilities https://community.sap.com/t5/application-development-and-automation-discussions/vulernabilities/m-p/12198809#M1981581 <P>Is there a version of the crystal reports runtime installer that addresses the following vulnerabilities:</P> <UL> <LI>1.Vulnerabilities exist because CRRuntime installs IIS to the root of C:\. This is considered a high vulnerability. </LI> <LI>This can be found in the following locations within the application:</LI> <LI>C:\inetpub</LI> <LI>2.Vulnerabilities exist because CRRuntime installs an <STRONG>unknown version of libcurl</STRONG> which may contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <LI><A href="https://www.cvedetails.com/vulnerability-list/vendor_id-12682/product_id-25085/Haxx-Libcurl.html" target="test_blank">https://www.cvedetails.com/vulnerability-list/vendor_id-12682/product_id-25085/Haxx-Libcurl.html</A> </LI> </UL> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libcurl.dll </LI> <LI>3.Vulnerabilities exist because CRRuntime installs libssh2 version 1.4.3 which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> </UL> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-15300/product_id-31293/Libssh2-Libssh2.html">https://www.cvedetails.com/vulnerability-list/vendor_id-15300/product_id-31293/Libssh2-Libssh2.html</A> <BR /> <UL> <LI>This can be found in the following location within the application:c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\libssh2.dll</LI> </UL> <LI>4.Vulnerabilities exist because CRRuntime installs openssl version 1.0.2h which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html">https://www.cvedetails.com/vulnerability-list/vendor_id-217/product_id-383/Openssl-Openssl.html</A> <BR /> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\ssleaym32.dll</LI> </UL> <LI>5.Vulnerabilities exist because Arena Simulation version 16.x installs xercex version 3.1.4 which contain vulnerabilities according to the following Common Vulnerabilities datastore link:</LI> <A href="https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/Apache-Xerces-c.html">https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-31348/Apache-Xerces-c.html</A> <BR /> <BR /> <UL> <LI>This can be found in the following location within the application: c:\program files (x86)\sap businessobjects\crystal reports for .net framework 4.0\common\sap businessobjects enterprise xi 4.0\win32_x86\xerces-c_3_1.dll</LI> </UL> <BR /> Mon, 16 Mar 2020 14:35:25 GMT https://community.sap.com/t5/application-development-and-automation-discussions/vulernabilities/m-p/12198809#M1981581 Former Member 2020-03-16T14:35:25Z