Vulnerabilities > SAP > Internet Graphics Server

DATE CVE VULNERABILITY TITLE RISK
2018-08-14 CVE-2018-2442 Cross-Site Request Forgery (CSRF) vulnerability in SAP products
In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid.
network
low complexity
sap CWE-352
8.8
2018-07-10 CVE-2018-2439 Improper Input Validation vulnerability in SAP Internet Graphics Server
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests.
network
high complexity
sap CWE-20
5.9
2018-07-10 CVE-2018-2438 Unspecified vulnerability in SAP Internet Graphics Server
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-07-10 CVE-2018-2437 Unspecified vulnerability in SAP Internet Graphics Server
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
network
low complexity
sap
critical
9.1
2018-05-09 CVE-2018-2423 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2422 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2421 Unspecified vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
network
low complexity
sap
7.5
2018-05-09 CVE-2018-2420 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Internet Graphics Server
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
network
low complexity
sap CWE-434
critical
9.8
2018-02-14 CVE-2018-2396 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, using IGS Interpreter service.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2395 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files.
network
low complexity
sap
8.8