The following vulnerabilities have been discovered:

• An authenticated user with a non-administrative privileges could gain administrative privileges
• A remote attacker with no user privileges could add a license
• A user with administrative privileges could execute a cross-scripting attack by entering a specially formed username in the Add User window
• A remote attacker could execute a cross-scripting attack by entering a specially formed license key in the Licensing page.

Blue Coat Systems considers this vulnerability to be low priority due to the fact that Blue Coat Reporter is not a product that is designed or recommended to be run outside of a secure intranet environment.