CVE-2018-2392

HIGH EXPLOITED NUCLEI

SAP Internet Graphics Server (IGS) XMLCHART XXE

Title source: metasploit

Exploitation Summary

CVE-2018-2392 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Vladimir-Ivanov-Git, Yvan Genuer and Vladimir Ivanov, among them the Metasploit module auxiliary/admin/sap/sap_igs_xmlchart_xxe. A Nuclei detection template is also available.

AI-analyzed exploit summary

This repository contains a Metasploit module for exploiting CVE-2018-2392 and CVE-2018-2393, which are XXE vulnerabilities in SAP Internet Graphics Server (IGS). The exploit allows unauthenticated remote file read or denial of service via maliciously crafted XML input to the XMLCHART endpoint.

Description

Under certain conditions, SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49 and 7.53 fail to validate XML external entities appropriately, which can cause the SAP Internet Graphics Server (IGS) to become unavailable.

Exploits (2)

nomisec · WORKING POC · 1 star
by Vladimir-Ivanov-Git · infoleak
https://github.com/Vladimir-Ivanov-Git/sap_igs_xxe

This repository contains a Metasploit module for exploiting CVE-2018-2392 and CVE-2018-2393, which are XXE vulnerabilities in SAP Internet Graphics Server (IGS). The exploit allows unauthenticated remote file read or denial of service via maliciously crafted XML input to the XMLCHART endpoint.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53
No auth needed
Prerequisites: Network access to the SAP IGS server on port 40080 · Vulnerable SAP IGS version
devstral-2 · analyzed Feb 16, 2026
metasploit · WORKING POC
by Yvan Genuer, Vladimir Ivanov · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sap/sap_igs_xmlchart_xxe.rb

This Metasploit module exploits CVE-2018-2392 and CVE-2018-2393, which are XXE vulnerabilities in SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. It allows unauthenticated remote file read or denial of service via crafted XML payloads.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: SAP Internet Graphics Server (IGS) versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53
No auth needed
Prerequisites: Network access to the SAP IGS server · SAP IGS service running on default or specified port
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

SAP Internet Graphics Server (IGS) - XML External Entity Injection
HIGH · by _generic_human_

References (2)

Core References
Tags: Permissions Required, Vendor Advisory, x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2525222

Scores

CVSS v3 7.5
EPSS 0.8638
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

VulnCheck KEV 2025-06-07
CWE
CWE-611
Status published
Products (5)
sap/internet_graphics_server 7.20
sap/internet_graphics_server 7.20ext
sap/internet_graphics_server 7.45
sap/internet_graphics_server 7.49
sap/internet_graphics_server 7.53
Published Feb 14, 2018
Tracked Since Feb 18, 2026