Insufficient Request Validation in SAP Internet Graphics Server
CVE-2018-2439

5.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Internet Graphics Server (igs)
Vendor: CVE Published:; 10 July 2018

🔔 Create SAP Vulnerability Alert

What is CVE-2018-2439?

The SAP Internet Graphics Server (IGS) exhibits a vulnerability due to insufficient request validation across various components, including the HTTP and RFC listeners, as well as during multiplexer portwatcher registration. This flaw enables the server to process malformed requests under specific conditions, potentially leading to a crash and service disruption. Organizations using vulnerable versions should implement necessary safeguards to prevent exploitation.

Affected Version(s)

SAP Internet Graphics Server (IGS) = 7.20 = 7.20

SAP Internet Graphics Server (IGS) = 7.20EXT = 7.20EXT

SAP Internet Graphics Server (IGS) = 7.45 = 7.45

References

http://www.securityfocus.com/bid/104708

vdb-entryx_refsource_BID

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2644147

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 10, 2018
Vulnerability Reserved
Dec 15, 2017

.

CVE-2018-2439 : Insufficient Request Validation in SAP Internet Graphics Server