Lucene search
+L
SapInternet Graphics Server

28 matches found

CVE
CVE
added 2018/02/14 12:0 p.m.110 views

CVE-2018-2392

SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 contain two XML External Entity Injection vulnerabilities (XXE) in the XMLCHART page (CVE-2018-2392 and CVE-2018-2393). The flaws arise from insufficient validation of the Extension HTML tag during POST requests to ge...

7.5CVSS7.5AI score0.40993EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.87 views

CVE-2018-2393

SAP Internet Graphics Server (IGS) vulnerabilities CVE-2018-2393 affect IGS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53, specifically in the XMLCHART page. The issue arises from insufficient validation of the Extension HTML tag during a POST to generate a new chart, enabling XML External Entity ...

7.5CVSS7.4AI score0.18204EPSS
CVE
CVE
added 2006/12/07 1:0 a.m.65 views

CVE-2006-6346

SAP Internet Graphics Service (IGS) affected: 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier (CVE-2006-6346). Described as an unspecified vulnerability related to "Undocumented Features" that could allow remote attackers to cause a denial of service, obtain configuration files,...

10CVSS6.6AI score0.02734EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.57 views

CVE-2018-2394

CVE-2018-2394 affects SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions, an unauthenticated attacker can prevent legitimate users from accessing services and/or system files. The initial description provides affected versions and impact but no e...

6.5CVSS6.5AI score0.01048EPSS
CVE
CVE
added 2018/08/14 4:0 p.m.57 views

CVE-2018-2442

Summary of CVE-2018-2442 : In SAP BusinessObjects BI (versions 4.0–4.2), viewing a Web Intelligence report from BI Launchpad can reveal session details captured by an HTTP analysis tool, which may be reused in an HTML page while the user session remains valid. This describes a cross‑site request ...

8.8CVSS8.5AI score0.00705EPSS
CVE
CVE
added 2006/12/07 1:0 a.m.56 views

CVE-2006-6345

CVE-2006-6345 affects SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, with a directory traversal in HTTP requests that lets remote attackers delete arbitrary files. Root cause: traversal sequences exploited by the HTTP handling in IGS. Impact...

7.5CVSS6.5AI score0.01899EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.56 views

CVE-2018-2382

CVE-2018-2382 affects SAP Internet Graphics Server (versions 7.20, 7.20EXT, 7.45, 7.49, 7.53). The vulnerability enables a malicious user to store graphics in a controlled area and subsequently access information from the system area that would normally be unavailable. The connected documents pro...

6.5CVSS6.4AI score0.00867EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.54 views

CVE-2018-2387

The CVE-2018-2387 entry describes a vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue allows a malicious user to obtain information about open ports that should not be accessible, indicating an information disclosure risk. The connecte...

6.5CVSS6.2AI score0.00867EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.54 views

CVE-2018-2389

CVE-2018-2389 involves SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions a malicious user can inject log files, hiding important information in the log file. This CVE description is supported by the NVD entry; no explicit exploit details or patc...

5.7CVSS5.4AI score0.00712EPSS
CVE
CVE
added 2006/08/14 11:0 p.m.52 views

CVE-2006-4134

SAP Internet Graphics Service (IGS) affects 6.40 and earlier, and 7.00 and earlier. CVE-2006-4134 describes an unspecified design-flaw that enables remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. Related entries (CVE-2006-6345 and CVE-2006-6346) describ...

5CVSS6.4AI score0.04579EPSS
CVE
CVE
added 2006/08/14 11:0 p.m.50 views

CVE-2006-4133

SAP Internet Graphics Service (IGS) vulnerable to a heap-based buffer overflow in 6.40 and earlier, and 7.00 and earlier. An HTTP request containing an ADM:GETLOGFILE command with a long portwatcher argument can overflow during error message construction when _snprintf returns a negative value th...

7.5CVSS8.2AI score0.06282EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.50 views

CVE-2018-2386

CVE-2018-2386 affects the SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. A malicious user can provoke an out-of-bounds buffer overflow under certain conditions, potentially leading to a denial of service affecting legitimate users. The vulnerability is exploitable ov...

6.5CVSS6.7AI score0.00999EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.49 views

CVE-2018-2383

CVE-2018-2383 is a reflected cross-site scripting (XSS) vulnerability in SAP Internet Graphics Server, affecting SAP-GIS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The CVSS data indicates a network-based vulnerability with no authentication required for CVSSv2 (Access Vector: Network, Complexi...

6.1CVSS6AI score0.00654EPSS
CVE
CVE
added 2018/05/09 8:0 p.m.49 views

CVE-2018-2420

CVE-2018-2420 affects SAP Internet Graphics Server (IGS) across versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Root cause: improper validation of file formats during upload allows an attacker to upload arbitrary files (including script files). Impact: potential confidentiality, integrity, and availabi...

9.8CVSS9.3AI score0.0158EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.47 views

CVE-2018-2384

CVE-2018-2384 affects SAP Internet Graphics Server and its services in multiple versions (7.20, 7.20EXT, 7.45, 7.49, 7.53). The root cause is a Null Pointer dereference under certain conditions, which can prevent legitimate users from accessing the server (availability impact). The provided docum...

6.5CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.46 views

CVE-2018-2385

CVE-2018-2385 affects SAP Internet Graphics Server (versions 7.20, 7.20EXT, 7.45, 7.49, 7.53 and related services). The issue is a divide-by-zero crash triggered by a malicious user under certain conditions, resulting in partial availability impact. The initial description lists the condition and...

6.5CVSS6.5AI score0.00924EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.46 views

CVE-2018-2395

CVE-2018-2395 affects SAP Internet Graphic Server (IGS) with vulnerable versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. Under certain conditions a malicious user could retrieve information and overwrite existing images or corrupt other file types. The available sources confirm the vulnerability descrip...

8.8CVSS8.5AI score0.01525EPSS
CVE
CVE
added 2018/05/09 8:0 p.m.46 views

CVE-2018-2422

The CVE-2018-2422 entry concerns SAP Internet Graphics Server (IGS) Portwatcher. Affected versions include 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability enables a Denial of Service where an attacker can crash or flood the Portwatcher, preventing legitimate users from accessing the servic...

7.5CVSS7.4AI score0.01944EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.46 views

CVE-2018-2437

CVE-2018-2437 affects SAP Internet Graphics Service (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The vulnerability allows an attacker to externally trigger IGS command executions, resulting in disclosure of information and potential malicious file insertion or modification. Root cause details ...

9.1CVSS8.9AI score0.03298EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.46 views

CVE-2018-2439

CVE-2018-2439 refers to the SAP Internet Graphics Server (IGS) affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue is insufficient input validation in multiple IGS components (HTTP and RFC listener, portwatcher registration with the multiplexer, and the multiplexer itself), which can al...

5.9CVSS5.7AI score0.01556EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.44 views

CVE-2018-2391

CVE-2018-2391 affects SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53. The issue allows a remote attacker to cause a denial of service by exploiting the IGS portwatcher service, under conditions described in the CVE entry. The NVD metrics indicate a network-accessible ...

6.5CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2018/05/09 8:0 p.m.44 views

CVE-2018-2421

CVE-2018-2421 concerns SAP Internet Graphics Server (IGS) Portwatcher and affects listed Portwatcher versions within SAP IGS. The vulnerability enables a denial-of-service by preventing legitimate users from accessing the service, either by crashing or flooding it. The issue is associated with th...

7.5CVSS7.4AI score0.02522EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.44 views

CVE-2018-2438

The CVE-2018-2438 entry concerns SAP Internet Graphics Server (IGS) with affected versions including 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The vulnerability type is denial-of-service, enabling an attacker to prevent legitimate users from accessing the service by crashing or flooding it. The issue ...

7.5CVSS7.5AI score0.01969EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.42 views

CVE-2018-2396

CVE-2018-2396 affects SAP Internet Graphics Server (IGS) on versions 7.20, 7.20EXT, 7.45, 7.49, 7.53, via the IGS Interpreter service. The issue, under certain conditions, allows a malicious user to prevent legitimate users from accessing IGS (a denial-of-service impact as described). The provide...

6.5CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2018/05/09 8:0 p.m.42 views

CVE-2018-2423

CVE-2018-2423 concerns SAP Internet Graphics Server (IGS) when running on versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The issue affects the HTTP and RFC listeners, allowing an attacker to deny service to legitimate users by crashing or flooding the service (availability impact). CVSS metrics in...

7.5CVSS7.4AI score0.02522EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.41 views

CVE-2007-3613

The vulnerability CVE-2007-3613 is a Cross-site Scripting (XSS) in SAP Internet Graphics Service (IGS), affecting the ADM:GETLOGFILE function. The issue allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter. The NVD entry provides a MEDIUM severity (CVSS v2: AV:N...

4.3CVSS5.7AI score0.0239EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.41 views

CVE-2018-2390

CVE-2018-2390 affects SAP Internet Graphics Server (IGS) via the IGS Chart service, impacting IGS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53. The description indicates that under certain conditions a malicious user can prevent legitimate users from accessing IGS, implying a denial-of-service-li...

6.5CVSS6.4AI score0.00924EPSS
CVE
CVE
added 2018/02/14 12:0 p.m.39 views

CVE-2018-2388

The CVE-2018-2388 entry concerns a stored cross-site scripting (XSS) vulnerability in SAP Internet Graphics Server affecting versions 7.20, 7.20EXT, 7.45, 7.49, 7.53 . The connected records consistently describe a stored XSS issue; no additional root-cause details are provided beyond this, and th...

6.1CVSS5.9AI score0.00654EPSS