Vendor
SAS Institute
Products
3
CVEs
3
Across products
3
Status
Private
Products
3- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25256 | 0.00 | — | 0.01 | Feb 19, 2022 | SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is… | |||
| CVE-2002-2017 | 0.00 | — | 0.02 | Dec 31, 2002 | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | |||
| CVE-1999-1325 | 0.00 | — | 0.00 | Dec 31, 1999 | SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges. |
- CVE-2022-25256Feb 19, 2022risk 0.00cvss —epss 0.01
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is…
- CVE-2002-2017Dec 31, 2002risk 0.00cvss —epss 0.02
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
- CVE-1999-1325Dec 31, 1999risk 0.00cvss —epss 0.00
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.