Vulnerabilities > CVE-2018-20732 - Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Vulnerable Configurations

Part Description Count
Application
Sas
7
Application
Hpe
1
OS
Ibm
1
OS
Linux
1
OS
Microsoft
1
OS
Oracle
1

Common Weakness Enumeration (CWE)