Description

SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53 has an unauthenticated XML External Entity (XXE) vulnerability.

Remediation

Install SAP security patches.

References

SAP Security Patch Day – February 2018

Related Vulnerabilities

Httpoxy vulnerability

Deserialization of Untrusted Data (Java JSON Deserialization) Jackson

Oracle E-Business Suite SSRF (CVE-2018-3167)

Apache REST RCE CVE-2018-11770

Liferay TunnelServlet Deserialization Remote Code Execution

Severity

High

Classification

CVE-2018-2393 CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Acumonitor XXE