Unrated severityNVD Advisory· Published Nov 19, 2021· Updated Aug 4, 2024
CVE-2021-41569
CVE-2021-41569
Description
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SAS/SAS/Intrnetdescription
- Range: <=9.4 build 1520
Patches
Vulnerability mechanics
References
2- support.sas.com/kb/68/641.htmlmitrex_refsource_MISC
- www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sasmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.