CVE-2018-2439
MEDIUMSAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - Denial of Service via Malformed Data Packet
Title source: llmDescription
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104708
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2644147
Scores
CVSS v3
5.9
EPSS
0.0046
EPSS Percentile
64.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (5)
sap/internet_graphics_server
7.20
sap/internet_graphics_server
7.20ext
sap/internet_graphics_server
7.45
sap/internet_graphics_server
7.49
sap/internet_graphics_server
7.53
Published
Jul 10, 2018
Tracked Since
Feb 18, 2026