← back
CVE-2018-2437

CVE-2018-2437

EPSS 3.3%
In short

SAP Internet Graphics Service has a vulnerability that allows attackers to remotely trigger commands on the server, potentially exposing sensitive information or modifying files without authorization.

Technical detail

CVE-2018-2437 in SAP IGS versions 7.20 through 7.53 permits unauthenticated remote command execution through externally-triggered IGS commands, enabling information disclosure and arbitrary file insertion or modification on affected systems.

Summary generated and translated by AI from the official description.
The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious file insertion or modification.
Affected products
SAP · SAP Internet Graphics Server (IGS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2644227https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000http://www.securityfocus.com/bid/104705