CVE-2018-2384
https://notcve.org/view.php?id=CVE-2018-2384
Under certain conditions a malicious user provoking a Null Pointer dereference can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. Bajo ciertas circunstancias, un usuario malicioso que provoque una desreferencia de puntero NULL puede evitar que usuarios legítimos accedan a SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 y sus servicios. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-476: NULL Pointer Dereference •
CVE-2018-2387
https://notcve.org/view.php?id=CVE-2018-2387
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to obtain information on ports, which is not available to the user otherwise. Una vulnerabilidad en SAP internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49 y 7.53 podría permitir que un usuario malicioso obtenga información sobre los puertos, que no estaría disponible para el usuario de otra forma. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 •
CVE-2018-2394
https://notcve.org/view.php?id=CVE-2018-2394
Under certain conditions an unauthenticated malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, services and/or system files. Bajo ciertas circunstancias, un usuario malicioso no autenticado puede evitar que usuarios legítimos accedan a SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49 y 7.53, los servicios y/o los archivos del sistema. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 •
CVE-2018-2392 – SAP Internet Graphics Server (IGS) XMLCHART XXE
https://notcve.org/view.php?id=CVE-2018-2392
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. Bajo ciertas circunstancias, SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49 y 7.53 no valida XML External Entity correctamente, lo que provoca que SAP Internet Graphics Server (IGS) no esté disponible. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-2388
https://notcve.org/view.php?id=CVE-2018-2388
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. Vulnerabilidad de Cross-Site Scripting (XSS) persistente en SAP internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49 y 7.53. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •