CVE-2018-2439
moderate-risk
Published 2018-07-10
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
Do I need to act?
-
0.46% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10
Medium
NETWORK
/ HIGH complexity
Affected Products (5)
Affected Vendors
References (6)
Third Party Advisory
http://www.securityfocus.com/bid/104708
Permissions Required
https://launchpad.support.sap.com/#/notes/2644147
Third Party Advisory
http://www.securityfocus.com/bid/104708
Permissions Required
https://launchpad.support.sap.com/#/notes/2644147
32
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
2/34 · Minimal
Exposure
12/34 · Low