Vulnerabilities > SAS

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2023-4932 Cross-site Scripting vulnerability in SAS Integration Technologies 9.4
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS).
network
low complexity
sas CWE-79
5.4
2023-04-03 CVE-2023-24724 Cross-site Scripting vulnerability in SAS web Administration Interface 9.4
A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields.
network
low complexity
sas CWE-79
5.4
2022-02-19 CVE-2022-25256 Cross-site Scripting vulnerability in SAS web Report Studio 4.4
SAS Web Report Studio 4.4 allows XSS.
network
sas CWE-79
4.3
2021-11-19 CVE-2021-41569 Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion.
network
low complexity
sas CWE-829
5.0
2021-06-25 CVE-2021-35475 Cross-site Scripting vulnerability in SAS Environment Manager 2.5
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server.
network
sas CWE-79
3.5
2020-06-24 CVE-2020-7667 Path Traversal vulnerability in SAS GO RPM Utils
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory.
network
low complexity
sas CWE-22
5.0
2020-02-23 CVE-2020-9350 Cross-site Scripting vulnerability in SAS Visual Analytics 8.5
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly.
network
sas CWE-79
3.5
2019-11-14 CVE-2019-14678 XXE vulnerability in SAS Base SAS and XML Mapper
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways.
network
low complexity
sas CWE-611
7.5
2019-07-31 CVE-2007-6763 Improper Input Validation vulnerability in SAS Drug Development
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
network
low complexity
sas CWE-20
6.5
2019-01-17 CVE-2018-20733 XXE vulnerability in SAS web Infrastructure Platform 9.4
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
network
low complexity
sas hpe ibm linux microsoft oracle CWE-611
5.0