Vulnerabilities > SAS > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-14 | CVE-2019-14678 | XXE vulnerability in SAS Base SAS and XML Mapper SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. | 7.5 |
2019-01-17 | CVE-2018-20732 | Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4 SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | 7.5 |
2002-12-31 | CVE-2002-2018 | Unspecified vulnerability in SAS Base and Integration Technologies sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault. | 7.2 |
2002-05-16 | CVE-2002-0219 | Buffer Overflow vulnerability in SAS SASTCPD Command Line Argument Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument. | 7.2 |
2002-05-16 | CVE-2002-0218 | Unspecified vulnerability in SAS Base and SAS Integration Technologies Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument. | 7.2 |