CVE-2018-2420 MEDIUM

CVE-2018-2420

Vendor Sap Se
Product SAP Internet Graphics Server (IGS)
Published May 9, 2018
Last update August 5, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.

Key dates

02Disclosure timeline

May 9, 2018 CVE published
August 5, 2024 Record updated