EUVD-2018-14243

Malware in sbrugna...

Authorization

ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64N...

Design/Logic Flaw

The SAP Internet Graphics Service IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification...

CVE-2018-2395

Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files...

CVE-2018-2388

Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

CVE-2018-2392

Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable...

CVE-2018-2383

Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

Cross site request forgery (csrf)

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...

CVE-2018-2392

SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 contain two XML External Entity Injection vulnerabilities (XXE) in the XMLCHART page (CVE-2018-2392 and CVE-2018-2393). The flaws arise from insufficient validation of the Extension HTML tag during POST requests to ge...

CVE-2018-2384

Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services...

CVE-2018-2387

The CVE-2018-2387 entry describes a vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue allows a malicious user to obtain information about open ports that should not be accessible, indicating an information disclosure risk. The connecte...

CVE-2018-2386

Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53...

CVE-2017-16679

URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site...