Vulnerabilities > SAS > WEB Infrastructure Platform

DATE CVE VULNERABILITY TITLE RISK
2019-01-17 CVE-2018-20733 XXE vulnerability in SAS web Infrastructure Platform 9.4
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
network
low complexity
sas CWE-611
7.5
7.5
2019-01-17 CVE-2018-20732 Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
network
low complexity
sas CWE-502
critical
 9.8
9.8
2019-01-17 CVE-2015-9281 Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
network
low complexity
sas CWE-79
6.1
6.1