Input validation

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory whic...

CVE-2018-2395

Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files...

CVE-2018-2388

Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

CVE-2018-2383

Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

Cross site request forgery (csrf)

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...

CVE-2018-2384

Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services...

CVE-2018-2387

The CVE-2018-2387 entry describes a vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue allows a malicious user to obtain information about open ports that should not be accessible, indicating an information disclosure risk. The connecte...

CVE-2018-2386

Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53...