28 matches found
CVE-2018-2392
SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 contain two XML External Entity Injection vulnerabilities (XXE) in the XMLCHART page (CVE-2018-2392 and CVE-2018-2393). The flaws arise from insufficient validation of the Extension HTML tag during POST requests to ge...
CVE-2018-2393
SAP Internet Graphics Server (IGS) vulnerabilities CVE-2018-2393 affect IGS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53, specifically in the XMLCHART page. The issue arises from insufficient validation of the Extension HTML tag during a POST to generate a new chart, enabling XML External Entity ...
CVE-2006-6346
SAP Internet Graphics Service (IGS) affected: 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier (CVE-2006-6346). Described as an unspecified vulnerability related to "Undocumented Features" that could allow remote attackers to cause a denial of service, obtain configuration files,...
CVE-2018-2394
CVE-2018-2394 affects SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions, an unauthenticated attacker can prevent legitimate users from accessing services and/or system files. The initial description provides affected versions and impact but no e...
CVE-2018-2442
Summary of CVE-2018-2442 : In SAP BusinessObjects BI (versions 4.0–4.2), viewing a Web Intelligence report from BI Launchpad can reveal session details captured by an HTTP analysis tool, which may be reused in an HTML page while the user session remains valid. This describes a cross‑site request ...
CVE-2006-6345
CVE-2006-6345 affects SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, with a directory traversal in HTTP requests that lets remote attackers delete arbitrary files. Root cause: traversal sequences exploited by the HTTP handling in IGS. Impact...
CVE-2018-2382
CVE-2018-2382 affects SAP Internet Graphics Server (versions 7.20, 7.20EXT, 7.45, 7.49, 7.53). The vulnerability enables a malicious user to store graphics in a controlled area and subsequently access information from the system area that would normally be unavailable. The connected documents pro...
CVE-2018-2387
The CVE-2018-2387 entry describes a vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue allows a malicious user to obtain information about open ports that should not be accessible, indicating an information disclosure risk. The connecte...
CVE-2018-2389
CVE-2018-2389 involves SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions a malicious user can inject log files, hiding important information in the log file. This CVE description is supported by the NVD entry; no explicit exploit details or patc...
CVE-2006-4134
SAP Internet Graphics Service (IGS) affects 6.40 and earlier, and 7.00 and earlier. CVE-2006-4134 describes an unspecified design-flaw that enables remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. Related entries (CVE-2006-6345 and CVE-2006-6346) describ...
CVE-2006-4133
SAP Internet Graphics Service (IGS) vulnerable to a heap-based buffer overflow in 6.40 and earlier, and 7.00 and earlier. An HTTP request containing an ADM:GETLOGFILE command with a long portwatcher argument can overflow during error message construction when _snprintf returns a negative value th...
CVE-2018-2386
CVE-2018-2386 affects the SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. A malicious user can provoke an out-of-bounds buffer overflow under certain conditions, potentially leading to a denial of service affecting legitimate users. The vulnerability is exploitable ov...
CVE-2018-2383
CVE-2018-2383 is a reflected cross-site scripting (XSS) vulnerability in SAP Internet Graphics Server, affecting SAP-GIS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The CVSS data indicates a network-based vulnerability with no authentication required for CVSSv2 (Access Vector: Network, Complexi...
CVE-2018-2420
CVE-2018-2420 affects SAP Internet Graphics Server (IGS) across versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Root cause: improper validation of file formats during upload allows an attacker to upload arbitrary files (including script files). Impact: potential confidentiality, integrity, and availabi...
CVE-2018-2384
CVE-2018-2384 affects SAP Internet Graphics Server and its services in multiple versions (7.20, 7.20EXT, 7.45, 7.49, 7.53). The root cause is a Null Pointer dereference under certain conditions, which can prevent legitimate users from accessing the server (availability impact). The provided docum...
CVE-2018-2395
CVE-2018-2395 affects SAP Internet Graphic Server (IGS) with vulnerable versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions a malicious user could retrieve information and overwrite existing images or corrupt other file types. The available sources confirm the vulnerability descrip...
CVE-2018-2385
CVE-2018-2385 affects SAP Internet Graphics Server (versions 7.20, 7.20EXT, 7.45, 7.49, 7.53 and related services). The issue is a divide-by-zero crash triggered by a malicious user under certain conditions, resulting in partial availability impact. The initial description lists the condition and...
CVE-2018-2422
The CVE-2018-2422 entry concerns SAP Internet Graphics Server (IGS) Portwatcher. Affected versions include 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability enables a Denial of Service where an attacker can crash or flood the Portwatcher, preventing legitimate users from accessing the servic...
CVE-2018-2437
CVE-2018-2437 affects SAP Internet Graphics Service (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The vulnerability allows an attacker to externally trigger IGS command executions, resulting in disclosure of information and potential malicious file insertion or modification. Root cause details ...
CVE-2018-2439
CVE-2018-2439 refers to the SAP Internet Graphics Server (IGS) affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue is insufficient input validation in multiple IGS components (HTTP and RFC listener, portwatcher registration with the multiplexer, and the multiplexer itself), which can al...
CVE-2018-2391
CVE-2018-2391 affects SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue allows a remote attacker to cause a denial of service by exploiting the IGS portwatcher service, under conditions described in the CVE entry. The NVD metrics indicate a network-accessible ...
CVE-2018-2421
CVE-2018-2421 concerns SAP Internet Graphics Server (IGS) Portwatcher and affects listed Portwatcher versions within SAP IGS. The vulnerability enables a denial-of-service by preventing legitimate users from accessing the service, either by crashing or flooding it. The issue is associated with th...
CVE-2018-2438
The CVE-2018-2438 entry concerns SAP Internet Graphics Server (IGS) with affected versions including 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability type is denial-of-service, enabling an attacker to prevent legitimate users from accessing the service by crashing or flooding it. The issue ...
CVE-2018-2396
CVE-2018-2396 affects SAP Internet Graphics Server (IGS) on versions 7.20, 7.20EXT, 7.45, 7.49, 7.53, via the IGS Interpreter service. The issue, under certain conditions, allows a malicious user to prevent legitimate users from accessing IGS (a denial-of-service impact as described). The provide...
CVE-2018-2423
CVE-2018-2423 concerns SAP Internet Graphics Server (IGS) when running on versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue affects the HTTP and RFC listeners, allowing an attacker to deny service to legitimate users by crashing or flooding the service (availability impact). CVSS metrics in...
CVE-2007-3613
The vulnerability CVE-2007-3613 is a Cross-site Scripting (XSS) in SAP Internet Graphics Service (IGS), affecting the ADM:GETLOGFILE function. The issue allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. The NVD entry provides a MEDIUM severity (CVSS v2: AV:N...
CVE-2018-2390
CVE-2018-2390 affects SAP Internet Graphics Server (IGS) via the IGS Chart service, impacting IGS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The description indicates that under certain conditions a malicious user can prevent legitimate users from accessing IGS, implying a denial-of-service-li...
CVE-2018-2388
The CVE-2018-2388 entry concerns a stored cross-site scripting (XSS) vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53 . The connected records consistently describe a stored XSS issue; no additional root-cause details are provided beyond this, and th...