High severity7.7NVD Advisory· Published Oct 30, 2024· Updated Apr 15, 2026

CVE-2024-48735

Description

Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sas.comnvd
github.com/ACN-CVEs/CVE-2024-48735/blob/67e86e12393650e1df16c845ceff487d016f31f0/LFI.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.501
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000