Vulnerabilities > SAP > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-02-14 CVE-2018-2390 Unspecified vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2389 Improper Encoding or Escaping of Output vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.
network
low complexity
sap CWE-116
5.7
2018-02-14 CVE-2018-2388 Cross-site Scripting vulnerability in SAP Internet Graphics Server
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
network
low complexity
sap CWE-79
6.1
2018-02-14 CVE-2018-2387 Unspecified vulnerability in SAP Internet Graphics Server
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2386 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53.
network
low complexity
sap CWE-119
6.5
2018-02-14 CVE-2018-2385 Divide By Zero vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
network
low complexity
sap CWE-369
6.5
2018-02-14 CVE-2018-2384 NULL Pointer Dereference vulnerability in SAP Internet Graphics Server
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services.
network
low complexity
sap CWE-476
6.5
2018-02-14 CVE-2018-2383 Cross-site Scripting vulnerability in SAP Internet Graphics Server
Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53.
network
low complexity
sap CWE-79
6.1
2018-02-14 CVE-2018-2382 Unspecified vulnerability in SAP Internet Graphics Server
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise.
network
low complexity
sap
6.5
2018-02-14 CVE-2018-2379 Information Exposure Through an Error Message vulnerability in SAP Hana Extended Application Services 1.0
In SAP HANA Extended Application Services, 1.0, an unauthenticated user could test if a given username is valid by evaluating error messages of a specific endpoint.
network
low complexity
sap CWE-209
6.5