CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 2CVE-2019-14678
https://notcve.org/view.php?id=CVE-2019-14678
14 Nov 2019 — SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. SAS XML Mapper versión 9.45, tiene una vulnerabilidad de tipo XML External Entity (XXE) que los atacantes maliciosos pueden aprovechar en múltiples maneras... • https://github.com/mbadanoiu/CVE-2019-14678 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.3EPSS: 9%CPEs: 4EXPL: 0CVE-2014-2262
https://notcve.org/view.php?id=CVE-2014-2262
28 Feb 2014 — Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. Desbordamiento de buffer en la aplicación cliente en Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 y TS1M2 y SAS 9.4 TS1M0 permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un programa SAS manipulado. • http://secunia.com/advisories/57029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •