CVE-2018-2389

MEDIUM

SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Log File Injection

Title source: llm

Description

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2525222

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

Scores

CVSS v3 5.7

EPSS 0.0020

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-116

Status published

Products (5)

sap/internet_graphics_server 7.20

sap/internet_graphics_server 7.20ext

sap/internet_graphics_server 7.45

sap/internet_graphics_server 7.49

sap/internet_graphics_server 7.53

Published Feb 14, 2018

Tracked Since Feb 18, 2026