CVE-2018-2439
CVSSN/A
发布时间 :2018-07-10 14:29:01
修订时间 :2018-07-12 21:29:02
NMS    

[原文]The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS暂不可用

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2439
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2439
(官方数据源) NVD

- 其它链接及资源

http://www.securityfocus.com/bid/104708
(UNKNOWN)  BID  104708
https://launchpad.support.sap.com/#/notes/2644147
(UNKNOWN)  MISC  https://launchpad.support.sap.com/#/notes/2644147
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
(UNKNOWN)  CONFIRM  https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000

- 漏洞信息

SAP Internet Graphics Server CVE-2018-2439 Unspecified Remote Code Injection Vulnerability
Input Validation Error 104708
Yes No
2018-07-10 12:00:00 2018-07-10 12:00:00
The vendor reported this issue.

- 受影响的程序版本

SAP Internet Graphics Server 7.53
SAP Internet Graphics Server 7.49
SAP Internet Graphics Server 7.45
SAP Internet Graphics Server 7.20EXT
SAP Internet Graphics Server 7.20

- 漏洞讨论

SAP Internet Graphics Server is prone to an unspecified remote code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application.

SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.45, 7.49, and 7.53 are vulnerable.

- 漏洞利用

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Updates are available. Please see the references or vendor advisory for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站