CVE-2018-2420: Malicious File Upload
First published: Wed May 09 2018(Updated: )
SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP internet Graphics Server | =7.20 | |
| SAP internet Graphics Server | =7.20ext | |
| SAP internet Graphics Server | =7.45 | |
| SAP internet Graphics Server | =7.49 | |
| SAP internet Graphics Server | =7.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-2420.
What is the severity rating of CVE-2018-2420?
CVE-2018-2420 has a severity rating of 9.8 (Critical).
What is affected by CVE-2018-2420?
SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 are affected by CVE-2018-2420.
What is the recommended solution for CVE-2018-2420?
Apply the necessary security patches provided by SAP to fix CVE-2018-2420.
Where can I find more information about CVE-2018-2420?
You can find more information about CVE-2018-2420 in the references provided: http://www.securityfocus.com/bid/104108 and https://launchpad.support.sap.com/#/notes/2615635.
- collector/nvd-index
- agent/type
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap internet graphics server
- version/sap internet graphics server/7.20
- version/sap internet graphics server/7.20ext
- version/sap internet graphics server/7.45
- version/sap internet graphics server/7.49
- version/sap internet graphics server/7.53