Vulnerabilities > SAS
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-01-17 | CVE-2018-20732 | Deserialization of Untrusted Data vulnerability in SAS Web Infrastructure Platform 9.4 | SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | 7.5 |
2019-01-17 | CVE-2015-9281 | Cross-site Scripting vulnerability in SAS Web Infrastructure Platform 9.4 | Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 4.3 |
2014-08-25 | CVE-2014-5454 | Arbitrary File Upload vulnerability in SAS Visual Analytics 6.4 | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. | 6.0 |
2014-03-01 | CVE-2014-2262 | Buffer Errors vulnerability in SAS Base SAS 9.2/9.3/9.4 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program. | 9.3 |
2002-12-31 | CVE-2002-2018 | Unspecified vulnerability in SAS Base and Integration Technologies | sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | 7.2 |
2002-12-31 | CVE-2002-2017 | Local Root Code Execution vulnerability in SAS SASTCPD | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd. | 10.0 |
2002-05-16 | CVE-2002-0219 | Buffer Overflow vulnerability in SAS SASTCPD Command Line Argument | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. | 7.2 |
2002-05-16 | CVE-2002-0218 | Unspecified vulnerability in SAS Base and SAS Integration Technologies | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | 7.2 |