PT-2018-15547 · Sap · Sap Internet Graphics Server

Published

2018-05-09

Updated

2019-10-09

CVE-2018-2420

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, 7.53

Description The issue allows an attacker to upload any file, including script files, without proper file format validation.

Recommendations For versions 7.20, 7.20EXT, 7.45, 7.49, 7.53, update to a version that includes proper file format validation to prevent unauthorized file uploads.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-2420

Affected Products

Sap Internet Graphics Server

PT-2018-15547 · Sap · Sap Internet Graphics Server

CVE-2018-2420

Weakness Enumeration

Related Identifiers

Affected Products

References · 5