Insufficient Request Validation in SAP Internet Graphics Server
CVE-2018-2439

5.9MEDIUM

Key Information:

Vendor

SAP
Status
SAP Internet Graphics Server (igs)
Vendor
CVE Published:
10 July 2018

What is CVE-2018-2439?

The SAP Internet Graphics Server (IGS) exhibits a vulnerability due to insufficient request validation across various components, including the HTTP and RFC listeners, as well as during multiplexer portwatcher registration. This flaw enables the server to process malformed requests under specific conditions, potentially leading to a crash and service disruption. Organizations using vulnerable versions should implement necessary safeguards to prevent exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Internet Graphics Server (IGS) = 7.20 = 7.20

SAP Internet Graphics Server (IGS) = 7.20EXT = 7.20EXT

SAP Internet Graphics Server (IGS) = 7.45 = 7.45

References

http://www.securityfocus.com/bid/104708
vdb-entryx_refsource_BID
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM
https://launchpad.support.sap.com/#/notes/2644147
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.