SAP Internet Graphics Server CVE-2018-2442 Cross Site Request Forgery Vulnerability
BID:105078
CVE-2018-2442 |Info
SAP Internet Graphics Server CVE-2018-2442 Cross Site Request Forgery Vulnerability
| Bugtraq ID: | 105078 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-2442 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2018 12:00AM |
| Updated: | Aug 14 2018 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
SAP Internet Graphics Server 7.53 SAP Internet Graphics Server 7.49 SAP Internet Graphics Server 7.45 SAP Internet Graphics Server 7.20EXT SAP Internet Graphics Server 7.20 |
| Not Vulnerable: | |
Discussion
SAP Internet Graphics Server CVE-2018-2442 Cross Site Request Forgery Vulnerability
SAP Internet Graphics Server is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
SAP Internet Graphics Server versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 are vulnerable.
SAP Internet Graphics Server is prone to an unspecified cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
SAP Internet Graphics Server versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53 are vulnerable.
Exploit / POC
SAP Internet Graphics Server CVE-2018-2442 Cross Site Request Forgery Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.