Filtered by vendor Sas
Subscriptions
Filtered by product Studio
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48734 | 1 Sas | 1 Studio | 2024-11-04 | 8.8 High |
| Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users. | ||||
| CVE-2024-48733 | 1 Sas | 1 Studio | 2024-11-04 | 8.8 High |
| SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users. | ||||
| CVE-2024-48735 | 1 Sas | 1 Studio | 2024-11-01 | 7.7 High |
| Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users. | ||||
Page 1 of 1.