CVE-2018-2392

Description

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

Affected products

• SAP_SE / SAP Internet Graphics Server7.20 – 7.20
• SAP_SE / SAP Internet Graphics Server7.20EXT – 7.20EXT
• SAP_SE / SAP Internet Graphics Server7.45 – 7.45
• SAP_SE / SAP Internet Graphics Server7.49 – 7.49
• SAP_SE / SAP Internet Graphics Server7.53 – 7.53

Exploits & PoCs

• nucleiSAP Internet Graphics Server (IGS) - XML External Entity Injectionby _generic_human_

References

• MISChttps://launchpad.support.sap.com/#/notes/2525222
• MISChttps://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/