235 matches found
CVE-2021-27627
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method ChartInterpreter::DoIt which will...
CVE-2021-27622
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CDrawRaster::LoadImageFromMemory whic...
Input validation
SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a network which due to insufficient input validation in method CXmlUtility::CheckLength which will...
PT-2021-19386 · Opentext · Opentext Brava! Desktop
Name of the Vulnerable Software and Affected Versions: OpenText Brava! Desktop version 16.6.3.84 package 16.6.3.134 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or op...
OpenText Brava! Desktop IGS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
SAP Internet Graphics Server (IGS) XMLCHART XXE
This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page of SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when...
Design/Logic Flaw
The SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service...
CVE-2018-2437
The SAP Internet Graphics Service IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification...
CVE-2018-2437
CVE-2018-2437 affects SAP Internet Graphics Service (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The vulnerability allows an attacker to externally trigger IGS command executions, resulting in disclosure of information and potential malicious file insertion or modification. Root cause details ...
CVE-2018-2439
CVE-2018-2439 refers to the SAP Internet Graphics Server (IGS) affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue is insufficient input validation in multiple IGS components (HTTP and RFC listener, portwatcher registration with the multiplexer, and the multiplexer itself), which can al...
CVE-2018-2438
The CVE-2018-2438 entry concerns SAP Internet Graphics Server (IGS) with affected versions including 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability type is denial-of-service, enabling an attacker to prevent legitimate users from accessing the service by crashing or flooding it. The issue ...
igs-frankenthal.de Improper Access Control vulnerability
Open Bug Bounty ID: OBB-635199 Description| Value ---|--- Affected Website:| igs-frankenthal.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Other Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
CVE-2018-2420
SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file including script files without proper file format validation...
CVE-2018-2421
CVE-2018-2421 concerns SAP Internet Graphics Server (IGS) Portwatcher and affects listed Portwatcher versions within SAP IGS. The vulnerability enables a denial-of-service by preventing legitimate users from accessing the service, either by crashing or flooding it. The issue is associated with th...
CVE-2018-2422
The CVE-2018-2422 entry concerns SAP Internet Graphics Server (IGS) Portwatcher. Affected versions include 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability enables a Denial of Service where an attacker can crash or flood the Portwatcher, preventing legitimate users from accessing the servic...
CVE-2018-2423
CVE-2018-2423 concerns SAP Internet Graphics Server (IGS) when running on versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue affects the HTTP and RFC listeners, allowing an attacker to deny service to legitimate users by crashing or flooding the service (availability impact). CVSS metrics in...
CVE-2018-2420
CVE-2018-2420 affects SAP Internet Graphics Server (IGS) across versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Root cause: improper validation of file formats during upload allows an attacker to upload arbitrary files (including script files). Impact: potential confidentiality, integrity, and availabi...
CVE-2018-2393
Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable...
CVE-2018-2392
Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable...
CVE-2018-2390
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server IGS, 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service...