5.9

CVE-2018-2439

The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPInternet Graphics Server Version7.20
SAPInternet Graphics Server Version7.20ext
SAPInternet Graphics Server Version7.45
SAPInternet Graphics Server Version7.49
SAPInternet Graphics Server Version7.53
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.56% 0.719
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Vendor Advisory
http://www.securityfocus.com/bid/104708
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2644147
Vendor Advisory
Permissions Required