CVE-2019-14678

Published Nov 14, 2019

Last updated 5 years ago

CVSS critical 10.0

Overview

Description: SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-611

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sas:xml_mapper:9.45:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14EE3A71-551A-49C1-A094-3EB2C9D91B67"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C"
          },
          {
            "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89"
          },
          {
            "criteria": "cpe:2.3:o:ibm:z\\/os:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0E97A964-6F9E-4C87-9B90-21AE2C1DF52F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:-:*:*:enterprise:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D44BBE9-2C02-4FFA-AC18-C4B7D13553B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:-:*:*:home_premium:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B51A6188-C855-48B1-9A04-8FF3C330C21E"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:-:*:*:professional:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BBB559E8-495B-4EB3-A054-5B23F1B8F6AB"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:-:*:*:ultimate:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FD1B0619-486A-4C8D-A55D-74D7734BB3E2"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:enterprise:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F758C0AF-0D52-4EC9-80E6-49D232781223"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:pro:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "918C123E-1E0A-459F-9AB7-7A478F557D05"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:pro:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7BAC5A99-C5CB-43A8-BF47-0CEF18793A85"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:datacenter:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "429C5FDD-7455-47CD-BC2B-14DB628F7650"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:standard:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB3F2581-68F4-4241-8CCC-8B9DBBD65CB8"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "32BCD530-F6E2-4F9B-AD4C-7DF2BED00296"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*",
            "vulnerable": false,
            "matchCriteriaId": "63CA0FD9-03F3-4429-96B0-82BA20A7D3D3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sas:base_sas:9.4:ts1m6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "849BE921-AF2E-479B-9951-03B9F236E110"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References