Vulnerabilities > SAS > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-12 | CVE-2023-4932 | Cross-site Scripting vulnerability in SAS Integration Technologies 9.4 SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). | 5.4 |
2023-04-03 | CVE-2023-24724 | Cross-site Scripting vulnerability in SAS web Administration Interface 9.4 A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. | 5.4 |
2022-02-19 | CVE-2022-25256 | Cross-site Scripting vulnerability in SAS web Report Studio 4.4 SAS Web Report Studio 4.4 allows XSS. | 4.3 |
2021-11-19 | CVE-2021-41569 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in SAS Sas/Intrnet 9.4 SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. | 5.0 |
2020-06-24 | CVE-2020-7667 | Path Traversal vulnerability in SAS GO RPM Utils In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. | 5.0 |
2019-07-31 | CVE-2007-6763 | Improper Input Validation vulnerability in SAS Drug Development SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. | 6.5 |
2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 5.0 |
2019-01-17 | CVE-2015-9281 | Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4 Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 4.3 |
2014-08-25 | CVE-2014-5454 | Arbitrary File Upload vulnerability in SAS Visual Analytics 6.4 Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors. network sas | 6.0 |