CVE-2004-0204

CVE Database · CVE-2004-0204

CVE-2004-0204

· N/AModified

CVSS v3.1

N/A

EPSS

72.99%

Published

Aug 6, 2004

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBBusiness Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Affected Products (19)

bea · weblogic_servervulnerable

borland_software · j_buildervulnerable

References (18)

http://marc.info/?l=bugtraq&m=108360413811017&w=2

http://marc.info/?l=bugtraq&m=108671836127360&w=2

http://secunia.com/advisories/11800

http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

http://www.osvdb.org/6748

http://www.securityfocus.com/bid/10260

ExploitPatchVendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017

https://exchange.xforce.ibmcloud.com/vulnerabilities/16044

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

http://marc.info/?l=bugtraq&m=108360413811017&w=2

KEV Catalog EPSS Scores Vendors All CVEs