Description

SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53 has an unauthenticated XML External Entity (XXE) vulnerability.

Remediation

Install SAP security patches.

References

SAP Security Patch Day – February 2018

Related Vulnerabilities

VMware Horizon Log4Shell RCE

Remote file inclusion XSS

Gitlab CI Lint SSRF

Edge Side Include injection

Reverse proxy misrouting

Severity

High

Classification

CVE-2018-2393 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Acumonitor