CVE-2018-2420

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.6%

top 29.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Internet Graphics Server (igs)SAP Internet Graphics Server

Timeline

PublishedMay 9

Latest updateMay 13

Description

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 2.2 | Impact: 4.2

Affected Packages2 packages

▶NVDsap/internet_graphics_server5 versions+4

▶CVEListV5sap_se/sap_internet_graphics_server_(igs)5 versions+4

🔴Vulnerability Details

GHSA

GHSA-ghqr-5fq8-7vx6: SAP Internet Graphics Server (IGS), 7↗2022-05-13

▶

CVEList

CVE-2018-2420: SAP Internet Graphics Server (IGS), 7↗2018-05-09

▶