Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2019-14678

CRITICAL severity · CVSS 10 · XML external entity (XXE)
10CVSS CRITICAL

Summary

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)3%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected products we track (2)

Windows Server 2016Windows Server 2019

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information