Solved: Security Vulnerability in SAP Crystal Reports for ...

neilpayne-1 · ‎2025 Mar 07

Hello

Regarding Crystal report for eclipse (java) - SP31;

Looks like there is vulnerability CVE-2024-21742 in file:

lib/xmlconnector.jar/lib/apache-mime4j-core-0.8.9.jar

version 0.8.10 and beyond does not have this vulnerability:
https://mvnrepository.com/artifact/org.apache.james/apache-mime4j-core

CVE details:
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Can someone confirm if this is effected by this CVE, and if so can this be a hotfix or new service pack?

Thank you!

DonWilliams · ‎2025 Mar 08

I pinged R&D to comment on this one.

Often though there are reported CVE's but CR doesn't use that part so it doesn't affect the use in CR Applications.

If you have concerns for your implementation in your app you will need to show R&D how your app is vulnerable in a test app they can look at.

They are in Shanghai so it may take a few days to get a response...

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My SAP Profile

My SAP Profile

Security Vulnerability in SAP Crystal Reports for Eclipse (JAVA) SP31 - CVE-2024-21742

Know the answer?

Need more details?