2023 Apr 26 11:43 AM
sap-cr2020-vulnerabilities-bau-release-2023-04-26.txt (please change the extension to csv)
Dear SAP team
One of our prestigious customer in Singapore had raised the vulnerabilities for third party libraries (like Apache Log4Net, curl, libjpeg, libpng, OpenSSL, zlib) in Crystal Report 2012 six months back. Hence we have upgraded to Crystal Reports 2020 in last month. We packed our product suite with Crystal Reports 2020 and delivered to customer. Now we have received another vulnerability report in Crystal Reports 2020. I have attached the report for your review. We tried to search into SAP community for some of the vulnerability ids. However either couldn't find the reference or satisfactory answers to some of the ids. We would like to understand more from you about these vulnerabilities and suggested approach to resolved them. Can we also check if SAP has any roadmap to address the incremental vulnerabilities in third party libraries? Any periodical releases etc? Thanks.
Regards,
Sarjerao
2023 May 18 9:34 AM