Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sas vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.0
Sas Sas Integration Technologies 8.0
7.2
CVSSv2
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.0
Sas Sas Integration Technologies 8.0
9.3
CVSSv2
CVE-2014-2262
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote malicious users to execute arbitrary code via a crafted SAS program.
Sas Base Sas 9.3
Sas Base Sas 9.2
Sas Base Sas 9.4
5
CVSSv2
CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and previous versions allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are ...
Sas Sas/intrnet 9.4
Sas Sas/intrnet
7.5
CVSSv2
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
6.5
CVSSv2
CVE-2007-6763
SAS Drug Development (SDD) prior to 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Sas Sas Drug Development
7.2
CVSSv2
CVE-2002-2018
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
Sas Integration Technologies 8.0
Sas Base 8.0
10
CVSSv2
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
Sas Integration Technologies 8.0
Sas Base 8.0
4.3
CVSSv2
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform prior to 9.4M3 allows reflected XSS on the Timeout page.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
7.5
CVSSv2
CVE-2018-20732
SAS Web Infrastructure Platform prior to 9.4M6 allows remote malicious users to execute arbitrary code via a Java deserialization variant.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »