Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14678

Опубликовано: 14 нояб. 2019
Источник: nvd
CVSS3: 10
CVSS2: 7.5
EPSS Низкий

Описание

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:sas:xml_mapper:9.45:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:sas:base_sas:9.4:ts1m6:*:*:*:*:*:*

Одно из

cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:z\/os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:-:*:*:enterprise:*:*:*
cpe:2.3:o:microsoft:windows_7:-:-:*:*:home_premium:*:*:*
cpe:2.3:o:microsoft:windows_7:-:-:*:*:professional:*:*:*
cpe:2.3:o:microsoft:windows_7:-:-:*:*:ultimate:*:*:*
cpe:2.3:o:microsoft:windows_8:-:*:*:*:enterprise:*:*:*
cpe:2.3:o:microsoft:windows_8:-:*:*:*:pro:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:standard:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*

EPSS

Процентиль: 74%
0.00798
Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

github логотип

GHSA-65vm-7c4g-83vm

CVSS3: 10
github
больше 3 лет назад

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.

EPSS

Процентиль: 74%
0.00798
Низкий

10 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611