10
CVE-2019-14678
- EPSS 0.8%
- Veröffentlicht 14.11.2019 21:15:11
- Zuletzt bearbeitet 21.11.2024 04:27:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sas ≫ Xml Mapper Version9.45
Sas ≫ Base Sas Version9.4 Updatets1m6
Hp ≫ Hp-ux Version-
Ibm ≫ Aix Version-
Ibm ≫ Z/os Version-
Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version- HwPlatformx64
Microsoft ≫ Windows 10 Version-
Microsoft ≫ Windows 7 Version- Update- SwEditionenterprise
Microsoft ≫ Windows 7 Version- Update- SwEditionhome_premium
Microsoft ≫ Windows 7 Version- Update- SwEditionprofessional
Microsoft ≫ Windows 7 Version- Update- SwEditionultimate
Microsoft ≫ Windows 8 Version- SwEditionenterprise
Microsoft ≫ Windows 8 Version- SwEditionpro
Microsoft ≫ Windows 8.1 Version- SwEditionpro
Microsoft ≫ Windows Server 2012 Version- SwEditiondatacenter
Microsoft ≫ Windows Server 2012 Version- SwEditionstandard
Microsoft ≫ Windows Server 2012 Versionr2 SwEditiondatacenter
Microsoft ≫ Windows Server 2016 Version-
Microsoft ≫ Windows Server 2019 Version-
Oracle ≫ Solaris Version- HwPlatformx64
Ibm ≫ Aix Version-
Ibm ≫ Z/os Version-
Linux ≫ Linux Kernel Version-
Microsoft ≫ Windows Version- HwPlatformx64
Microsoft ≫ Windows 10 Version-
Microsoft ≫ Windows 7 Version- Update- SwEditionenterprise
Microsoft ≫ Windows 7 Version- Update- SwEditionhome_premium
Microsoft ≫ Windows 7 Version- Update- SwEditionprofessional
Microsoft ≫ Windows 7 Version- Update- SwEditionultimate
Microsoft ≫ Windows 8 Version- SwEditionenterprise
Microsoft ≫ Windows 8 Version- SwEditionpro
Microsoft ≫ Windows 8.1 Version- SwEditionpro
Microsoft ≫ Windows Server 2012 Version- SwEditiondatacenter
Microsoft ≫ Windows Server 2012 Version- SwEditionstandard
Microsoft ≫ Windows Server 2012 Versionr2 SwEditiondatacenter
Microsoft ≫ Windows Server 2016 Version-
Microsoft ≫ Windows Server 2019 Version-
Oracle ≫ Solaris Version- HwPlatformx64
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.8% | 0.733 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.