Vulnerabilities > SAS > WEB Infrastructure Platform
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-17 | CVE-2018-20733 | XXE vulnerability in SAS web Infrastructure Platform 9.4 BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 5.0 |
| 2019-01-17 | CVE-2018-20732 | Deserialization of Untrusted Data vulnerability in SAS web Infrastructure Platform 9.4 SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | 7.5 |
| 2019-01-17 | CVE-2015-9281 | Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4 Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 4.3 |