XXE in HP HP-UX

CVE-2019-14678

SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.030 (85.4th percentile)

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2019-14678?
CVE-2019-14678 is a critical-severity vulnerability in HP HP-UX, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 10.0/10. Published 2019-11-14.
How severe is CVE-2019-14678?
Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2019-14678 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.