CVE-2018-2442
https://notcve.org/view.php?id=CVE-2018-2442
14 Aug 2018 — In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in an HTML page while the user session is still valid. • http://www.securityfocus.com/bid/105078 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-2437
https://notcve.org/view.php?id=CVE-2018-2437
10 Jul 2018 — The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification. • http://www.securityfocus.com/bid/104705
CVE-2018-2439
https://notcve.org/view.php?id=CVE-2018-2439
10 Jul 2018 — The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexe... • http://www.securityfocus.com/bid/104708 • CWE-20: Improper Input Validation
CVE-2018-2438
https://notcve.org/view.php?id=CVE-2018-2438
10 Jul 2018 — The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. • http://www.securityfocus.com/bid/104707
CVE-2018-2420
https://notcve.org/view.php?id=CVE-2018-2420
09 May 2018 — SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation. • http://www.securityfocus.com/bid/104108 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2018-2423
https://notcve.org/view.php?id=CVE-2018-2423
09 May 2018 — SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, HTTP and RFC listener allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. • http://www.securityfocus.com/bid/104109
CVE-2018-2422
https://notcve.org/view.php?id=CVE-2018-2422
09 May 2018 — SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. • http://www.securityfocus.com/bid/104110
CVE-2018-2421
https://notcve.org/view.php?id=CVE-2018-2421
09 May 2018 — SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. • http://www.securityfocus.com/bid/104111
CVE-2018-2383
https://notcve.org/view.php?id=CVE-2018-2383
14 Feb 2018 — Reflected cross-site scripting vulnerability in SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. • https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-2393 – SAP Internet Graphics Server (IGS) XMLCHART XXE
https://notcve.org/view.php?id=CVE-2018-2393
14 Feb 2018 — Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. • https://packetstorm.news/files/id/180812 • CWE-611: Improper Restriction of XML External Entity Reference