Vulnerabilities > SAS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-4932 | Cross-site Scripting vulnerability in SAS Integration Technologies 9.4 SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). | 5.4 |
| 2023-04-03 | CVE-2023-24724 | Cross-site Scripting vulnerability in SAS web Administration Interface 9.4 A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. | 5.4 |
| 2022-02-19 | CVE-2022-25256 | Cross-site Scripting vulnerability in SAS web Report Studio 4.4 SAS Web Report Studio 4.4 allows XSS. | 4.3 |
| 2021-11-19 | CVE-2021-41569 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4 SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. | 5.0 |
| 2021-06-25 | CVE-2021-35475 | Cross-site Scripting vulnerability in SAS Environment Manager 2.5 SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. | 3.5 |
| 2020-06-24 | CVE-2020-7667 | Path Traversal vulnerability in SAS GO RPM Utils In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. | 5.0 |
| 2020-02-23 | CVE-2020-9350 | Cross-site Scripting vulnerability in SAS Visual Analytics 8.5 Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | 3.5 |
| 2019-11-14 | CVE-2019-14678 | XXE vulnerability in SAS Base SAS and XML Mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. | 7.5 |
| 2019-07-31 | CVE-2007-6763 | Improper Input Validation vulnerability in SAS Drug Development SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | 6.5 |
| 2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 5.0 |