CVE-2018-2439
CVE-2018-2439 is a medium-severity vulnerability in Sap Internet Graphics Server with a CVSS 3.x base score of 5.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-20.
Key facts
- Severity: Medium (CVSS 3.x base score 5.9)
- CVSS v2: 4.3
- EPSS exploit prediction: 2% (72nd percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-20
- Affected product: Sap Internet Graphics Server
- Published:
- Last modified:
Description
The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
Frequently asked questions
- What is CVE-2018-2439?
- The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under certain conditions, will process invalid requests. Several areas of the SAP Internet Graphics Server (IGS) did not require sufficient input validation. Namely, the SAP Internet Graphics Server (IGS) HTTP and RFC listener, SAP Internet Graphics Server (IGS) portwatcher when registering a portwatcher to the multiplexer and the SAP Internet Graphics Server (IGS) multiplexer had insufficient input validation and thus allowing a malformed data packet to cause a crash.
- How severe is CVE-2018-2439?
- CVE-2018-2439 has a CVSS 3.x base score of 5.9, rated medium severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2018-2439 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (72nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2018-2439?
- CVE-2018-2439 primarily affects Sap Internet Graphics Server. In total, 5 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-2439?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2018-2439 published?
- CVE-2018-2439 was published on 2018-07-10 and last updated on 2026-06-17.
References
- http://www.securityfocus.com/bid/104708
- https://launchpad.support.sap.com/#/notes/2644147
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=497256000
Affected products (5)
- cpe:2.3:a:sap:internet_graphics_server:7.20:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:7.20ext:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:7.45:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:7.49:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:7.53:*:*:*:*:*:*:*
More vulnerabilities in Sap Internet Graphics Server
- CVE-2006-6346 — Critical (CVSS 10.0): Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3…
- CVE-2018-2437 — Critical (CVSS 9.1): The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS…
- CVE-2018-2442 — High (CVSS 8.8): In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from…
- CVE-2018-2395 — High (CVSS 8.8): Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT,…
- CVE-2018-2438 — High (CVSS 7.5): The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities…
- CVE-2018-2393 — High (CVSS 7.5): Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML…
All CVEs affecting Sap Internet Graphics Server →
Other CWE-20 (Improper Input Validation) vulnerabilities
- CVE-2026-48316 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48281 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48277 — Critical (CVSS 10.0): ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could…
- CVE-2026-48055 — Critical (CVSS 10.0): Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and…
- CVE-2026-34910 — Critical (CVSS 10.0): A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS…
- CVE-2026-33587 — Critical (CVSS 10.0): Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and…
Browse all CWE-20 (Improper Input Validation) vulnerabilities →