CVE-2018-2439

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.9MEDIUM

EPSS

0.5%

top 35.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Internet Graphics Server (igs)SAP Internet Graphics Server

Timeline

PublishedJul 10

Latest updateMay 14

Description

The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to th…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDsap/internet_graphics_server5 versions+4

▶CVEListV5sap/sap_internet_graphics_server_(igs)5 versions+4

🔴Vulnerability Details

GHSA

GHSA-4pmw-67xf-m59m: The SAP Internet Graphics Server (IGS), 7↗2022-05-14

▶

CVEList

CVE-2018-2439: The SAP Internet Graphics Server (IGS), 7↗2018-07-10

▶