Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2389 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 4.0 MEDIUM | 5.7 MEDIUM |
| Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file. | |||||
| CVE-2018-2387 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise. | |||||
| CVE-2018-2395 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | |||||
| CVE-2018-2382 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise. | |||||
| CVE-2018-2437 | 1 Sap | 1 Internet Graphics Server | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. | |||||
| CVE-2018-2421 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2420 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. | |||||
| CVE-2018-2423 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2422 | 1 Sap | 1 Internet Graphics Server | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2018-2396 | 1 Sap | 1 Internet Graphics Server | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service. | |||||
| CVE-2018-2390 | 1 Sap | 1 Internet Graphics Server | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service. | |||||
| CVE-2018-2394 | 1 Sap | 1 Internet Graphics Server | 2019-10-02 | 5.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. | |||||
| CVE-2018-2391 | 1 Sap | 1 Internet Graphics Server | 2019-10-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS portwatcher service. | |||||
| CVE-2018-2438 | 1 Sap | 1 Internet Graphics Server | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||
| CVE-2006-6346 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134. | |||||
| CVE-2006-6345 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134. | |||||
| CVE-2006-4133 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. | |||||
| CVE-2006-4134 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2007-3613 | 1 Sap | 1 Internet Graphics Server | 2018-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. | |||||
| CVE-2018-2442 | 1 Sap | 2 Businessobjects Business Intelligence, Internet Graphics Server | 2018-10-11 | 6.8 MEDIUM | 8.8 HIGH |
| In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. | |||||