CVE-2018-2437

Description

The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.

Affected products

• SAP / SAP Internet Graphics Server (IGS)= 7.20 – = 7.20
• SAP / SAP Internet Graphics Server (IGS)= 7.20EXT – = 7.20EXT
• SAP / SAP Internet Graphics Server (IGS)= 7.45 – = 7.45
• SAP / SAP Internet Graphics Server (IGS)= 7.49 – = 7.49
• SAP / SAP Internet Graphics Server (IGS)= 7.53 – = 7.53

References

• MISChttp://www.securityfocus.com/bid/104705
• MISChttps://launchpad.support.sap.com/#/notes/2644227
• MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000