CVE-2019-14678

CRITICAL Year: 2019
CVSS v3 Score
10.0
Critical
CVSS v2 Score
7.5
High
Weakness Type
CWE-611
View all →

Vulnerability Description

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.

Related Vulnerabilities

CVE-2015-9280

CRITICAL
CVSS:10.0(Critical)

MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter.

CWE-6112015

CVE-2017-7664

CRITICAL
CVSS:10.0(Critical)

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CWE-6112017

CVE-2017-8110

CRITICAL
CVSS:10.0(Critical)

www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 has XXE in api/it-recht-kanzlei/api-it-recht-kanzlei.php.

CWE-6112017

CVE-2018-1000124

CRITICAL
CVSS:10.0(Critical)

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.php(simplexml_load_string) that can result in an attacker reading the c...

CWE-6112018

CVE-2018-1000644

CRITICAL
CVSS:10.0(Critical)

Eclipse RDF4j version < 2.4.0 Milestone 2 contains a XML External Entity (XXE) vulnerability in RDF4j XML parser parsing RDF files that can result in the disclosure of confidential data, denial of ser...

CWE-6112018

CVE-2018-1000651

CRITICAL
CVSS:10.0(Critical)

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning...

CWE-6112018