CVE-2018-2420

Summary

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Internet Graphics Server (IGS)7.20affected
SAP SESAP Internet Graphics Server (IGS)7.20EXTaffected
SAP SESAP Internet Graphics Server (IGS)7.45affected
SAP SESAP Internet Graphics Server (IGS)7.49affected
SAP SESAP Internet Graphics Server (IGS)7.53affected

Weaknesses

  • Unrestricted File Upload

ADP Enrichment

CVE Program Container

Additional References

References