Insufficient Request Validation in SAP Internet Graphics Server
CVE-2018-2439

5.9MEDIUM

Key Information:

Vendor
SAP
Status
SAP Internet Graphics Server (igs)
Vendor
CVE Published:
10 July 2018

Summary

The SAP Internet Graphics Server (IGS) exhibits a vulnerability due to insufficient request validation across various components, including the HTTP and RFC listeners, as well as during multiplexer portwatcher registration. This flaw enables the server to process malformed requests under specific conditions, potentially leading to a crash and service disruption. Organizations using vulnerable versions should implement necessary safeguards to prevent exploitation.

Affected Version(s)

SAP Internet Graphics Server (IGS) = 7.20 = 7.20

SAP Internet Graphics Server (IGS) = 7.20EXT = 7.20EXT

SAP Internet Graphics Server (IGS) = 7.45 = 7.45

References

http://www.securityfocus.com/bid/104708
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM
https://launchpad.support.sap.com/#/notes/2644147
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.