Vulnerabilities > CVE-2018-20732 - Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
sas
hpe
ibm
linux
microsoft
oracle
CWE-502
NVD
Published: 2019-01-17
Updated: 2019-02-07

Summary

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Vulnerable Configurations

Part Description Count
Application
Sas
7
Application
Hpe
1
OS
Ibm
1
OS
Linux
1
OS
Microsoft
1
OS
Oracle
1

Common Weakness Enumeration (CWE)

References