CVE-2018-2393

HIGH

SAP Internet Graphics Server 7.20, 7.20EXT, 7.45, 7.49, 7.53 - XML External Entity Injection

Title source: llm

Description

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2525222

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/

Scores

CVSS v3 7.5

EPSS 0.2042

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-611

Status published

Products (5)

sap/internet_graphics_server 7.20

sap/internet_graphics_server 7.20ext

sap/internet_graphics_server 7.45

sap/internet_graphics_server 7.49

sap/internet_graphics_server 7.53

Published Feb 14, 2018

Tracked Since Feb 18, 2026