Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.369 views

SAP Internet Graphics Server (IGS) XMLCHART XXE

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Internet Graphics Server IGS XMLCHART XXE', 'Description' = %q This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities...

7.5CVSS7AI score0.40591EPSS
Exploits2
Rapid7 Blog
Rapid7 Blog
added 2020/10/09 7:41 p.m.814 views

Metasploit Wrap-Up

SAP Internet Graphics Server IGS This week includes a new module targeting the SAP Internet Graphics Server application, contributed by community member Vladimir Ivanov. This particular module covers two CVEs that are both XML External Entity XXE bugs that are remotely exploitable. The module com...

9.3CVSS0.9AI score0.99965EPSS
Exploits107
Metasploit
Metasploit
added 2020/10/07 5:41 p.m.59 views

SAP Internet Graphics Server (IGS) XMLCHART XXE

This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities within the XMLCHART page of SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when...

7.5CVSS7.5AI score0.40591EPSS
Exploits2
Circl
Circl
added 2020/10/07 4:19 p.m.9 views

CVE-2018-2393

creationtimestamp| type| source ---|---|--- 2020-10-07 16:19:55+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sap/sapigsxmlchartxxe.rb 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:07+00:00| seen|...

7.5CVSS7.4AI score0.18204EPSS
Exploits2References1
OSV
OSV
added 2018/02/14 12:29 p.m.3 views

CVE-2018-2393

Under certain conditions SAP Internet Graphics Server IGS 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server IGS to become unavailable...

7.5CVSS5.8AI score0.18204EPSS
Exploits2References2
CVE
CVE
added 2018/02/14 12:0 p.m.87 views

CVE-2018-2393

SAP Internet Graphics Server (IGS) vulnerabilities CVE-2018-2393 affect IGS versions 7.20, 7.20EXT, 7.45, 7.49, and 7.53, specifically in the XMLCHART page. The issue arises from insufficient validation of the Extension HTML tag during a POST to generate a new chart, enabling XML External Entity ...

7.5CVSS7.4AI score0.18204EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder