Sas
Products
12- 5 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
20| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48734 | Hig | 0.58 | 8.8 | 0.01 | Oct 30, 2024 | Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users. | ||
| CVE-2024-48733 | Hig | 0.58 | 8.8 | 0.01 | Oct 30, 2024 | SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users. | ||
| CVE-2024-48735 | Hig | 0.50 | 7.7 | 0.01 | Oct 30, 2024 | Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are… | ||
| CVE-2024-37571 | Med | 0.28 | 4.3 | 0.00 | Jun 26, 2024 | Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter. | ||
| CVE-2021-41569 | 0.06 | — | 0.08 | Nov 19, 2021 | SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to… | |||
| CVE-2023-50357 | 0.00 | — | 0.00 | Jan 31, 2024 | A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users. | |||
| CVE-2023-24724 | 0.00 | — | 0.01 | Apr 3, 2023 | A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration… | |||
| CVE-2021-35475 | 0.00 | — | 0.01 | Jun 25, 2021 | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | |||
| CVE-2020-9350 | 0.00 | — | 0.01 | Feb 23, 2020 | Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | |||
| CVE-2019-14678 | 0.00 | — | 0.03 | Nov 14, 2019 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This… | |||
| CVE-2007-6763 | 0.00 | — | 0.01 | Jul 31, 2019 | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | |||
| CVE-2018-20733 | 0.00 | — | 0.01 | Jan 17, 2019 | BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | |||
| CVE-2015-9281 | 0.00 | — | 0.01 | Jan 17, 2019 | Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||
| CVE-2018-20732 | 0.00 | — | 0.04 | Jan 17, 2019 | SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | |||
| CVE-2014-5454 | 0.00 | — | 0.02 | Aug 25, 2014 | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | |||
| CVE-2014-2262 | 0.00 | — | 0.04 | Mar 1, 2014 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. | |||
| CVE-2002-2018 | 0.00 | — | 0.00 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | |||
| CVE-2002-2017 | 0.00 | — | 0.02 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | |||
| CVE-2002-0218 | 0.00 | — | 0.00 | May 16, 2002 | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | |||
| CVE-2002-0219 | 0.00 | — | 0.01 | May 16, 2002 | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. |
- risk 0.58cvss 8.8epss 0.01
Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users.
- risk 0.58cvss 8.8epss 0.01
SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.
- risk 0.50cvss 7.7epss 0.01
Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are…
- risk 0.28cvss 4.3epss 0.00
Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter.
- CVE-2021-41569Nov 19, 2021risk 0.06cvss —epss 0.08
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to…
- CVE-2023-50357Jan 31, 2024risk 0.00cvss —epss 0.00
A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users.
- CVE-2023-24724Apr 3, 2023risk 0.00cvss —epss 0.01
A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration…
- CVE-2021-35475Jun 25, 2021risk 0.00cvss —epss 0.01
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
- CVE-2020-9350Feb 23, 2020risk 0.00cvss —epss 0.01
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
- CVE-2019-14678Nov 14, 2019risk 0.00cvss —epss 0.03
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This…
- CVE-2007-6763Jul 31, 2019risk 0.00cvss —epss 0.01
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
- CVE-2018-20733Jan 17, 2019risk 0.00cvss —epss 0.01
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
- CVE-2015-9281Jan 17, 2019risk 0.00cvss —epss 0.01
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
- CVE-2018-20732Jan 17, 2019risk 0.00cvss —epss 0.04
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
- CVE-2014-5454Aug 25, 2014risk 0.00cvss —epss 0.02
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
- CVE-2014-2262Mar 1, 2014risk 0.00cvss —epss 0.04
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
- CVE-2002-2018Dec 31, 2002risk 0.00cvss —epss 0.00
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
- CVE-2002-2017Dec 31, 2002risk 0.00cvss —epss 0.02
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
- CVE-2002-0218May 16, 2002risk 0.00cvss —epss 0.00
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
- CVE-2002-0219May 16, 2002risk 0.00cvss —epss 0.01
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.