CVE-2018-2395

HIGH

SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Information Disclosure and Arbitrary File Write

Title source: llm

Description

Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103019

Permissions Required, Vendor Advisory x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2525222

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

Scores

CVSS v3 8.8

EPSS 0.0060

EPSS Percentile 69.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (5)

sap/internet_graphics_server 7.20

sap/internet_graphics_server 7.20ext

sap/internet_graphics_server 7.45

sap/internet_graphics_server 7.49

sap/internet_graphics_server 7.53

Published Feb 14, 2018

Tracked Since Feb 18, 2026