File Upload Vulnerability in SAP Internet Graphics Server
CVE-2018-2420

6.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP Internet Graphics Server (igs)
Vendor
CVE Published:
9 May 2018

What is CVE-2018-2420?

The SAP Internet Graphics Server (IGS) is susceptible to a file upload vulnerability due to inadequate validation of uploaded file formats. An attacker can exploit this weakness to upload arbitrary files, which may include malicious scripts. This could lead to unauthorized access to server resources and execution of harmful actions. Organizations using affected versions of SAP IGS must ensure immediate patching and closely monitor their systems for signs of exploitation.

Affected Version(s)

SAP Internet Graphics Server (IGS) 7.20

SAP Internet Graphics Server (IGS) 7.20EXT

SAP Internet Graphics Server (IGS) 7.45

References

https://launchpad.support.sap.com/#/notes/2615635
x_refsource_MISC
https://blogs.sap.com/2018/05/08/sap-security-patch-day-m...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104108
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.