Title: SAP Internet Graphics Service Unspecified Directory Traversal Vulnerability
Severity: MODERATE
Description:
SAP Internet Graphics Service (IGS) is a server architecture that is used to generate graphical or non-graphical output from supplied data; it is available for multiple operating systems.
IGS is prone to an unspecified directory-traversal vulnerability.
An attacker can exploit this issue to remove arbitrary files on the SAP IGS filesystem. Files must have SAP System Administrator '<SID>adm' write permissions.
Detailed technical details regarding this issue have yet to be released. This BID will be updated as more information becomes available.
Versions 6.40 prior to patch 17 and 7.00 prior to patch 7 are vulnerable.
NOTE: This issue affects IGS only when running on UNIX computers.
Affected Products:
- SAP Internet Graphics Server 6.40 Patch 12
- SAP Internet Graphics Server 6.40 Patch 13
- SAP Internet Graphics Server 6.40 Patch 14
- SAP Internet Graphics Server 6.40 Patch 15
- SAP Internet Graphics Server 6.40 Patch 16
- SAP Internet Graphics Server 6.40.0
- SAP Internet Graphics Server 6.40.0 Patch 11
- SAP Internet Graphics Server 7.00 Patch 2
- SAP Internet Graphics Server 7.00 Patch 3
- SAP Internet Graphics Server 7.00 Patch 4
- SAP Internet Graphics Service 7.00 Patch 5
- SAP Internet Graphics Service 7.00 Patch 6
References:
- SAP: Vendor Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
