5.9
CVE-2018-2439
- EPSS 0.46%
- Veröffentlicht 10.07.2018 18:29:01
- Zuletzt bearbeitet 21.11.2024 04:03:49
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Internet Graphics Server Version7.20
SAP ≫ Internet Graphics Server Version7.20ext
SAP ≫ Internet Graphics Server Version7.45
SAP ≫ Internet Graphics Server Version7.49
SAP ≫ Internet Graphics Server Version7.53
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.633 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.