Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-2392

Severity: 7.5 HIGH
EPSS: 86.4% (top 0.59%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Feb 14 | Latest update May 14

Description

Under certain conditions, SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53 fails to validate XML External Entity appropriately, causing the SAP Internet Graphics Server (IGS) to become unavailable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: sap_se/sap_internet_graphics_server | 5 versions | +4

🔴 Vulnerability Details (3)

GHSA: GHSA-j629-mr84-x8mf: Under certain conditions SAP Internet Graphics Server (IGS) 7 | 2022-05-14
CVEList: CVE-2018-2392: Under certain conditions SAP Internet Graphics Server (IGS) 7 | 2018-02-14
VulnCheck: SAP internet_graphics_server Improper Restriction of XML External Entity Reference | 2018

💥 Exploits & PoCs (2)

Metasploit: SAP Internet Graphics Server (IGS) XMLCHART XXE
Nuclei: SAP Internet Graphics Server (IGS) - XML External Entity Injection