cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Text4Shell Vulnerability - CVE-2022-42889

Go to solution
avandeloo
Explorer

on ‎2022 Nov 28 5:41 PM

0 Kudos
2,004

There is a “Common Text” vulnerability in the Apache Web Server built in the SAP Crystal Reports version introduced in October.

I’ve reached out to SAP support to see when they plan to deploy a patch to remediate this, I’ve was directed to ask the community question here.

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
DellSC
Active Contributor
‎2022 Nov 28 7:14 PM
0 Kudos

Is this Crystal Reports or Crystal Reports Server? I don't recall that Apache is part of Crystal Reports.

-Dell

DellSC
Active Contributor
‎2022 Nov 28 7:32 PM
0 Kudos

I changed the tags on your question to SAP Crystal Server and SAP BusinessObjects Business Intelligence platform.

The SAP Crystal Reports tag is for questions about report design and using the Crystal Reports desktop software.

-Dell

avandeloo
Explorer
‎2022 Nov 28 7:44 PM
0 Kudos

This is for SAP Crystal Reports, not Server. Below is the information on the Vulnerability.

View Entire Topic
former_member1027468
Discoverer
‎2023 Jan 12 4:10 PM
0 Kudos

The user above stated this is for Crystal Reports, not server. I am also seeing this issue and I can't just ignore it as it's part of cybersecurity vulnerability scans that are very important for our company. I'm not sure if ignoring it is the correct answer to receive from support. Is there any plans to fix this in a patch?

Show replies
Show replies
avandeloo
Explorer
‎2023 Jan 18 3:11 PM

Thank you! Finally someone that is reading for comprehension and sees the same thing I do. I am mystified at level of service being provided by SAP. I tried removing the file that has the vulnerability but our AV (MS Defender) still shows it's a threat.

Would really love for this to be taken seriously and addressed.

Ask a Question