Vulnerabilities > SAS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-41569 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4 SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. | 7.5 |
| 2020-06-24 | CVE-2020-7667 | Path Traversal vulnerability in SAS GO RPM Utils In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. | 7.5 |
| 2019-07-31 | CVE-2007-6763 | Improper Input Validation vulnerability in SAS Drug Development SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | 8.8 |
| 2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 7.5 |