CVE-2018-2392

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

Published: Feb 14, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2392
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-611

OWASP TOP 10:

A4 - XML External Entities (XXE)

Affected Software
References

Software	From	Fixed in
sap / internet_graphics_server	7.20	7.20.x
sap / internet_graphics_server	7.20ext	7.20ext.x
sap / internet_graphics_server	7.45	7.45.x
sap / internet_graphics_server	7.49	7.49.x
sap / internet_graphics_server	7.53	7.53.x

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/
https://launchpad.support.sap.com/#/notes/2525222

Vulnerability Database

290,020

CVE-2018-2392