Filtered by vendor Sas
Subscriptions
Filtered by product Integration Technologies
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-4932 | 1 Sas | 1 Integration Technologies | 2024-11-21 | 6.3 Medium |
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versionsĀ 9.4_M7 andĀ 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. | ||||
CVE-2002-2018 | 1 Sas | 2 Base, Integration Technologies | 2024-11-20 | N/A |
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | ||||
CVE-2002-2017 | 1 Sas | 2 Base, Integration Technologies | 2024-11-20 | N/A |
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. |
Page 1 of 1.