Is CVE-2018-2392 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sap Se Internet Graphics Server

CVE-2018-2392

Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable.

EPSS: 0.864 (99.4th percentile) — read the EPSS interpretation.

Affected products

Sap Se Internet Graphics Server — versions 7.20, 7.20EXT, 7.45

Public proof-of-concept exploits

Vladimir-Ivanov-Git/sap_igs_xxe
rapid7/metasploit-framework
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Vladimir-Ivanov-Git/sap_
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub

References

launchpad.support.sap.com/ (x_refsource_CONFIRM)
blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-2392?: CVE-2018-2392 is a vulnerability in Sap Se Internet Graphics Server. Published 2018-02-14.
Is CVE-2018-2392 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.