CVE-2018-2389

CWE-116 CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

5.7MEDIUM

EPSS

0.2%

top 57.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Internet Graphics Server SAP Internet Graphics Server

Timeline

PublishedFeb 14

Latest updateMay 13

Description

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/internet_graphics_server5 versions+4

▶CVEListV5sap_se/sap_internet_graphics_server5 versions+4

🔴Vulnerability Details

GHSA

GHSA-mvp7-h963-xmjh: Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7↗2022-05-13

▶

CVEList

CVE-2018-2389: Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7↗2018-02-14

▶

📋Vendor Advisories

Red Hat

mongodb: Incorrect scoping in shipped sysV scripts allows arbitrary PID insertion to kill↗2019-08-30

▶