Vendor
Sas
Products
4
CVEs
7
Across products
11
Status
Private
Products
4- 5 CVEs
- 4 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
7| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-2262 | 0.01 | — | 0.08 | Mar 1, 2014 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. | ||
| CVE-2023-50357 | 0.00 | — | 0.00 | Jan 31, 2024 | A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users. | ||
| CVE-2014-5454 | 0.00 | — | 0.01 | Aug 25, 2014 | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | ||
| CVE-2002-2017 | 0.00 | — | 0.01 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | ||
| CVE-2002-2018 | 0.00 | — | 0.00 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | ||
| CVE-2002-0219 | 0.00 | — | 0.00 | May 16, 2002 | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. | ||
| CVE-2002-0218 | 0.00 | — | 0.00 | May 16, 2002 | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. |