← Back

CVE-2018-20733

nvd nist
Published: Jan 17, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.

Affected (7)

Sas
1 product
Web Infrastructure Platform
Configuration A
7 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Sas
Web Infrastructure Platform
Before 9.4
Web Infrastructure Platform
Version 9.4
Web Infrastructure Platform
Version 9.4 maintenance_release_1
Web Infrastructure Platform
Version 9.4 maintenance_release_2
Web Infrastructure Platform
Version 9.4 maintenance_release_3
Web Infrastructure Platform
Version 9.4 maintenance_release_4
Web Infrastructure Platform
Version 9.4 maintenance_release_5
Running on/withPlatform Versions
Hpe
Hp Ux Ipfilter
All versions
Ibm
Aix
All versions
Linux
Linux Kernel
All versions
Microsoft
Windows
All versions
Oracle
Solaris
All versions

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.