ByteOS Network

NVD Vulnerability Details :

CVE-2004-0204

Modified

Source-cve@mitre.org

Published At-06 Aug, 2004 | 04:00

Updated At-16 Apr, 2026 | 00:27

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*

BEA Systems, Inc.

>>weblogic_server>>8.1

cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*

borland_software>>j_builder>>*

cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*

businessobjects>>crystal_enterprise>>9

cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*

businessobjects>>crystal_enterprise>>10

cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*

businessobjects>>crystal_enterprise_java_sdk>>8.5

cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*

businessobjects>>crystal_enterprise_ras>>8.5

cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*

businessobjects>>crystal_reports>>9

cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*

businessobjects>>crystal_reports>>10

cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*

Microsoft Corporation

>>business_solutions_crm>>1.2

cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*

Microsoft Corporation

>>outlook>>2003

cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*

Microsoft Corporation

>>visual_studio_.net>>2003

cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://marc.info/?l=bugtraq&m=108360413811017&w=2	cve@mitre.org	N/A
http://marc.info/?l=bugtraq&m=108671836127360&w=2	cve@mitre.org	N/A
http://secunia.com/advisories/11800	cve@mitre.org	N/A
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp	cve@mitre.org	N/A
http://www.osvdb.org/6748	cve@mitre.org	N/A
http://www.securityfocus.com/bid/10260	cve@mitre.org	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157	cve@mitre.org	N/A
http://marc.info/?l=bugtraq&m=108360413811017&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://marc.info/?l=bugtraq&m=108671836127360&w=2	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/11800	af854a3a-2127-422b-91ae-364da2661108	N/A
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/6748	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/10260	af854a3a-2127-422b-91ae-364da2661108	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044	af854a3a-2127-422b-91ae-364da2661108	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157	af854a3a-2127-422b-91ae-364da2661108	N/A