AttackerKB AKB:4D295AC3-B3EB-4904-9C27-FF94A7C7FE66

CVE-2018-2392

Published: Feb 14, 2018 - 12:00 a.m.
Source: attackerkb.com

EPSS: 0.003 (Low), Percentile: 68.5%

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

Recent assessments:

gwillcox-r7 at October 06, 2020 4:04pm UTC reported:

This vulnerability currently has a Metasploit module in the PR queue at <https://github.com/rapid7/metasploit-framework/pull/14163>, so here is a nutshell version of what this vulnerability is and why it matters, as well as why it might not matter as much.

Basically this vulnerability is a bug from 2018 in SAP Internet Graphics Servers (IGS) in their /XMLCHART pages, due to a lack of XML external entity validation on the value of the <Element> HTML tag when a POST request containing XML is sent to the /XMLCHART page, which will then instruct the SAP IGS server to render a new chart with the provided data.

By abusing this vulnerability an attacker can retrieve the contents of any file on the system as the user running the SAP IGS server. This user will typically be the SAP admin user, but will not necessarily be the root user, meaning that whilst the attacker will have elevated access to SAP IGS related files, they may not be able to access some OS related files due to their lack of permissions.

Still it is important to note that SAP systems are often responsible for processing business sensitive information, so whilst the attacker may not be able to access something like the /etc/shadow file, they would still be able to potentially retrieve sensitive information such as data about company performance or analytics that may not be available to the public, which could allow for activities such as insider trading. It is also possible that the SAP admin user may have been given extra permissions by accident which could allow the attacker to read the contents of other sensitive files on the disks. These could include configuration files which may contain sensitive usernames and passwords.

This vulnerability is therefore listed as a Medium as it certainly gives an attacker a fair degree of file access, however the attacker will not be able to do anything beyond reading files with this bug alone, which limits its impact a little bit.

Assessed Attacker Value: 3
Assessed Attacker Value: 5
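As an added defensive illustration (not code from AttackerKB, the assessor, or SAP), the following flags POST requests to /XMLCHART whose XML body carries a DTD with an external entity, and shows the corresponding hardening step of refusing any chart XML that contains a DOCTYPE before it reaches the parser. The sample bodies and the `<ChartData>` wrapper are constructed placeholders; only the `<Element>` tag and the /XMLCHART path come from the page.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample POST bodies for /XMLCHART (illustrative, not real SAP IGS traffic).
# <ChartData> is an assumed wrapper; the page only names the <Element> tag.
BENIGN_BODY = '<?xml version="1.0"?><ChartData><Element>Q1 revenue</Element></ChartData>'
XXE_BODY = ('<?xml version="1.0"?>'
            '<!DOCTYPE ChartData [<!ENTITY ext SYSTEM "file:///PLACEHOLDER_PATH">]>'
            '<ChartData><Element>&ext;</Element></ChartData>')

# An entity declared with a SYSTEM or PUBLIC identifier (general or parameter entity)
# is the XXE signature; a legitimate chart request never needs a DTD at all.
EXTERNAL_ENTITY = re.compile(r"<!ENTITY\s+%?\s*\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)
DOCTYPE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)


def xxe_indicators(method: str, path: str, body: str) -> list[str]:
    """Return the reasons a request to /XMLCHART looks like an XXE attempt (empty = clean)."""
    reasons: list[str] = []
    if method.upper() != "POST" or path.upper().rstrip("/") != "/XMLCHART":
        return reasons
    if EXTERNAL_ENTITY.search(body):
        reasons.append("external entity declaration (SYSTEM/PUBLIC)")
    if DOCTYPE.search(body):
        reasons.append("inline DTD (<!DOCTYPE>) in chart XML")
    return reasons


def parse_chart_xml(body: str) -> ET.Element:
    """Hardened parse: refuse any document carrying a DTD before handing it to the parser."""
    if DOCTYPE.search(body):
        raise ValueError("DTD not allowed in chart XML")
    return ET.fromstring(body)


def is_rejected(body: str) -> bool:
    """True if the hardened parser refuses the body (used to check the mitigation)."""
    try:
        parse_chart_xml(body)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for name, body in (("benign", BENIGN_BODY), ("xxe", XXE_BODY)):
        print(name, xxe_indicators("POST", "/XMLCHART", body) or ["clean"])
```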
