Search criteria
26 vulnerabilities found for SAP Internet Graphics Server by SAP SE
CVE-2018-2385 (GCVE-0-2018-2385)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2385",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2389 (GCVE-0-2018-2389)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
Severity
No CVSS data available.
CWE
- Log Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Log Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Log Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2389",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2384 (GCVE-0-2018-2384)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2384",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2393 (GCVE-0-2018-2393)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2393",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2386 (GCVE-0-2018-2386)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2386",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2394 (GCVE-0-2018-2394)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2394",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2388 (GCVE-0-2018-2388)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2388",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2392 (GCVE-0-2018-2392)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2392",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2396 (GCVE-0-2018-2396)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2396",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2387 (GCVE-0-2018-2387)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2387",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2382 (GCVE-0-2018-2382)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2382",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2383 (GCVE-0-2018-2383)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Reflected Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2383",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2395 (GCVE-0-2018-2395)
Vulnerability from cvelistv5 – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.
Severity
No CVSS data available.
CWE
- Unrestricted File Upload
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103019 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "103019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103019"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2395",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:33.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2385 (GCVE-0-2018-2385)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2385",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2389 (GCVE-0-2018-2389)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
Severity
No CVSS data available.
CWE
- Log Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.771Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Log Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Log Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2389",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2384 (GCVE-0-2018-2384)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2384",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2393 (GCVE-0-2018-2393)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2393",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2386 (GCVE-0-2018-2386)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2386",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2394 (GCVE-0-2018-2394)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2394",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2388 (GCVE-0-2018-2388)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Cross-site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2388",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2392 (GCVE-0-2018-2392)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.
Severity
No CVSS data available.
CWE
- Missing XML Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing XML Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing XML Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2392",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2396 (GCVE-0-2018-2396)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
Severity
No CVSS data available.
CWE
- Denial-of-Service
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:32.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2396",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:32.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2387 (GCVE-0-2018-2387)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2387",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2382 (GCVE-0-2018-2382)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
Severity
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2382",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2383 (GCVE-0-2018-2383)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:14
VLAI
Summary
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
Severity
No CVSS data available.
CWE
- Reflected Cross-Site Scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:14:39.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-14T11:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2383",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:14:39.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-2395 (GCVE-0-2018-2395)
Vulnerability from nvd – Published: 2018-02-14 12:00 – Updated: 2024-08-05 04:21
VLAI
Summary
Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.
Severity
No CVSS data available.
CWE
- Unrestricted File Upload
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/103019 | vdb-entryx_refsource_BID |
| https://launchpad.support.sap.com/#/notes/2525222 | x_refsource_CONFIRM |
| https://blogs.sap.com/2018/02/13/sap-security-pat… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP Internet Graphics Server |
Affected:
7.20
Affected: 7.20EXT Affected: 7.45 Affected: 7.49 Affected: 7.53 |
Date Public
2018-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:21:33.202Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP Internet Graphics Server",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "7.20"
},
{
"status": "affected",
"version": "7.20EXT"
},
{
"status": "affected",
"version": "7.45"
},
{
"status": "affected",
"version": "7.49"
},
{
"status": "affected",
"version": "7.53"
}
]
}
],
"datePublic": "2018-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unrestricted File Upload",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-15T10:57:01.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"name": "103019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Internet Graphics Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
},
{
"version_affected": "=",
"version_value": "7.20EXT"
},
{
"version_affected": "=",
"version_value": "7.45"
},
{
"version_affected": "=",
"version_value": "7.49"
},
{
"version_affected": "=",
"version_value": "7.53"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103019"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2525222",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2525222"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2018-2395",
"datePublished": "2018-02-14T12:00:00.000Z",
"dateReserved": "2017-12-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:21:33.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}