Access Control Issue in SAP Internet Graphics Server
CVE-2018-2390

6.5MEDIUM

Key Information:

Vendor: SAP
Status: Internet Graphics Server
Vendor: CVE Published:; 14 February 2018

What is CVE-2018-2390?

A vulnerability exists in certain versions of SAP Internet Graphics Server (IGS) that allows a malicious user to impede legitimate users' access to the system through the IGS Chart service. This weakness can lead to significant disruptions, as affected users may be unable to access essential graphical resources, which could hinder business operations. It is crucial for organizations using these versions of SAP IGS to apply necessary security patches and ensure that their environments are secured against potential exploitation.

References

https://launchpad.support.sap.com/#/notes/2525222

x_refsource_CONFIRM

https://blogs.sap.com/2018/02/13/sap-security-patch-day-f...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2018
Vulnerability Reserved
Dec 15, 2017