CVE-2018-2392 – SAP Internet Graphics Server (IGS) XMLCHART XXE
https://notcve.org/view.php?id=CVE-2018-2392
Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. Bajo ciertas circunstancias, SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49 y 7.53 no valida XML External Entity correctamente, lo que provoca que SAP Internet Graphics Server (IGS) no esté disponible. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-2388
https://notcve.org/view.php?id=CVE-2018-2388
Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. Vulnerabilidad de Cross-Site Scripting (XSS) persistente en SAP internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49 y 7.53. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2386
https://notcve.org/view.php?id=CVE-2018-2386
Under certain conditions a malicious user provoking an out of bounds buffer overflow can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53. Bajo ciertas circunstancias, un usuario malicioso que provoque un desbordamiento de búfer fuera de límites puede evitar que usuarios legítimos accedan a SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49 y 7.53. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-2390
https://notcve.org/view.php?id=CVE-2018-2390
Under certain conditions a malicious user can prevent legitimate users from accessing the SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, via IGS Chart service. Bajo ciertas circunstancias, un usuario malicioso puede evitar que usuarios legítimos accedan a SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53 mediante el servicio IGS Chart. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 •
CVE-2018-2382
https://notcve.org/view.php?id=CVE-2018-2382
A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, could allow a malicious user to store graphics in a controlled area and as such gain information from system area, which is not available to the user otherwise. Una vulnerabilidad en SAP internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49 y 7.53 podría permitir que un usuario malicioso almacene gráficos en un área controlada y, por lo tanto, obtenga información del área del sistema que no estaría disponible al usuario de otra forma. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 https://launchpad.support.sap.com/#/notes/2525222 •