All the vulnerabilites related to SAP - SAP Internet Graphics Server (IGS)
cve-2018-2438
Vulnerability from cvelistv5
Published
2018-07-10 18:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104707 | vdb-entry, x_refsource_BID | |
| https://launchpad.support.sap.com/#/notes/2644238 | x_refsource_MISC | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP | SAP Internet Graphics Server (IGS) |
Version: = 7.20 Version: = 7.20EXT Version: = 7.45 Version: = 7.49 Version: = 7.53 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104707",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104707"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2644238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": " SAP Internet Graphics Server (IGS)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.20EXT"
},
{
"status": "affected",
"version": "= 7.45"
},
{
"status": "affected",
"version": "= 7.49"
},
{
"status": "affected",
"version": "= 7.53"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-12T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "104707",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104707"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2644238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " SAP Internet Graphics Server (IGS)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.20EXT"
},
{
"version_name": "=",
"version_value": "7.45"
},
{
"version_name": "=",
"version_value": "7.49"
},
{
"version_name": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104707"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2644238",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2644238"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2438",
"datePublished": "2018-07-10T18:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-2439
Vulnerability from cvelistv5
Published
2018-07-10 18:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104708 | vdb-entry, x_refsource_BID | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | x_refsource_CONFIRM | |
| https://launchpad.support.sap.com/#/notes/2644147 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP | SAP Internet Graphics Server (IGS) |
Version: = 7.20 Version: = 7.20EXT Version: = 7.45 Version: = 7.49 Version: = 7.53 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104708",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104708"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2644147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": " SAP Internet Graphics Server (IGS)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.20EXT"
},
{
"status": "affected",
"version": "= 7.45"
},
{
"status": "affected",
"version": "= 7.49"
},
{
"status": "affected",
"version": "= 7.53"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Code Injection ",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-12T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "104708",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104708"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2644147"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " SAP Internet Graphics Server (IGS)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.20EXT"
},
{
"version_name": "=",
"version_value": "7.45"
},
{
"version_name": "=",
"version_value": "7.49"
},
{
"version_name": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104708"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2644147",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2644147"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2439",
"datePublished": "2018-07-10T18:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:33.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-2437
Vulnerability from cvelistv5
Published
2018-07-10 18:00
Modified
2024-08-05 04:21
Severity ?
EPSS score ?
Summary
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/104705 | vdb-entry, x_refsource_BID | |
| https://launchpad.support.sap.com/#/notes/2644227 | x_refsource_MISC | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | SAP | SAP Internet Graphics Server (IGS) |
Version: = 7.20 Version: = 7.20EXT Version: = 7.45 Version: = 7.49 Version: = 7.53 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:34.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "104705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104705"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2644227"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": " SAP Internet Graphics Server (IGS)",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.20EXT"
},
{
"status": "affected",
"version": "= 7.45"
},
{
"status": "affected",
"version": "= 7.49"
},
{
"status": "affected",
"version": "= 7.53"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Disclosure of information and malicious file insertion or modification.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-11T09:57:01",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "104705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104705"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2644227"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": " SAP Internet Graphics Server (IGS)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.20EXT"
},
{
"version_name": "=",
"version_value": "7.45"
},
{
"version_name": "=",
"version_value": "7.49"
},
{
"version_name": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Disclosure of information and malicious file insertion or modification."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104705"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2644227",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2644227"
},
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000",
"refsource": "CONFIRM",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2437",
"datePublished": "2018-07-10T18:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T04:21:34.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}