Vulnerabilities > CVE-2014-5454 - Arbitrary File Upload vulnerability in SAS Visual Analytics 6.4

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

sas

NVD

Published: 2014-08-25

Updated: 2017-09-08

Summary

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/434.html" target="_blank">CWE-434: Unrestricted Upload of File with Dangerous Type</a>

Vulnerable Configurations

Part	Description	Count
Application	Sas SAS Visual Analytics 6.4	1

References

http://packetstormsecurity.com/files/127866/SAS-Visual-Analytics-6.4M1-Arbitrary-File-Upload.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/95351