Solved: Security Vulnerability in SAP Crystal Reports for ...

neilpayne-1 · ‎2025 Mar 07

Hello

Regarding Crystal report for eclipse (java) - SP31;

Looks like there is vulnerability CVE-2024-21742 in file:

lib/xmlconnector.jar/lib/apache-mime4j-core-0.8.9.jar

version 0.8.10 and beyond does not have this vulnerability:
https://mvnrepository.com/artifact/org.apache.james/apache-mime4j-core

CVE details:
Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.

Can someone confirm if this is effected by this CVE, and if so can this be a hotfix or new service pack?

Thank you!

DonWilliams · ‎2025 Mar 13

I heard back from R&D:

apache-mime4j-core-0.8.9.jar is used to parse XML/web service data sources, If you don’t use XML/web service as the data source, this CVE won’t affect you.

When using Crystal Report for Eclipse, users must first ensure that the data source is secure, so the impact of this CVE on us is also limited.

Additionally, we can consider upgrading it in SP32.

Hope this answers your questions?

Don

By Category

Related Content

Activity Groups

Industry Groups

Influence and Feedback Groups

Interest Groups

Location Groups

Customer Only Groups

Forums

Related Resources

Products

Learning and Support

About

My SAP Profile

My SAP Profile

Security Vulnerability in SAP Crystal Reports for Eclipse (JAVA) SP31 - CVE-2024-21742

Know the answer?

Need more details?