CVE-2018-2437

9.1CRITICAL

Key Information:

Vendor: SAP
Status: SAP Internet Graphics Server (igs)
Vendor: CVE Published:; 10 July 2018

Summary

The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.

Affected Version(s)

SAP Internet Graphics Server (IGS) = 7.20 = 7.20

SAP Internet Graphics Server (IGS) = 7.20EXT = 7.20EXT

SAP Internet Graphics Server (IGS) = 7.45 = 7.45

References

http://www.securityfocus.com/bid/104705

vdb-entryx_refsource_BID

https://launchpad.support.sap.com/#/notes/2644227

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
Dec 15, 2017