Log Injection Vulnerability in SAP Internet Graphics Server
CVE-2018-2389
5.7MEDIUM
Summary
A log injection vulnerability exists in SAP Internet Graphics Server, allowing malicious users to craft and inject log entries that can obscure critical information. This could potentially mislead administrators during audits or troubleshooting, increasing the risk of unaddressed security incidents. It is essential to apply the latest security patches to mitigate the risks associated with this vulnerability.
Affected Version(s)
SAP Internet Graphics Server 7.20
SAP Internet Graphics Server 7.20EXT
SAP Internet Graphics Server 7.45
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved