CVE-2018-2389

Description

Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file.

Affected products

• SAP_SE / SAP Internet Graphics Server7.20 – 7.20
• SAP_SE / SAP Internet Graphics Server7.20EXT – 7.20EXT
• SAP_SE / SAP Internet Graphics Server7.45 – 7.45
• SAP_SE / SAP Internet Graphics Server7.49 – 7.49
• SAP_SE / SAP Internet Graphics Server7.53 – 7.53

References

• MISChttps://launchpad.support.sap.com/#/notes/2525222
• MISChttps://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/