Severity: Medium

Description: SAS Fraud Management contains an XML external entity (XXE) injection vulnerability.

Potential Impact: XML external entity injection might result in an attack that leads to the disclosure of confidential data or denial of service.