CVE-2018-2437

CWE-400 — Uncontrolled Resource Consumption4 documents4 sources

Severity

9.1CRITICAL

EPSS

0.6%

top 31.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Internet Graphics Server (igs)SAP Internet Graphics Server

Timeline

PublishedJul 10

Latest updateMay 13

Description

The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶NVDsap/internet_graphics_server5 versions+4

▶CVEListV5sap/sap_internet_graphics_server_(igs)5 versions+4

🔴Vulnerability Details

GHSA

GHSA-9xc3-6q7f-rvjp: The SAP Internet Graphics Service (IGS), 7↗2022-05-13

▶

CVEList

CVE-2018-2437: The SAP Internet Graphics Service (IGS), 7↗2018-07-10

▶

📋Vendor Advisories

Juniper

CVE-2018-0022: A Junos device with VPLS routing-instances configured on one or more interfaces may be susceptible to an mbuf leak when processing a specific MPLS pac↗2018-04-11

▶