CVE-2018-2384 — NULL Pointer Dereference in SE SAP Internet Graphics Server

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 41.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Internet Graphics Server SAP Internet Graphics Server

Timeline

PublishedFeb 14

Latest updateMay 14

Description

Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/internet_graphics_server5 versions+4

▶CVEListV5sap_se/sap_internet_graphics_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-2696-454c-76j5: Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics S↗2022-05-14

▶

CVEList

CVE-2018-2384: Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics S↗2018-02-14

▶