Vulmon
sas vulnerabilities and exploits
7.2
CVSSv2
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Sas Sas Base 8.0
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
7.2
CVSSv2
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via a large command line argument.
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.1
Sas Sas Base 8.0
9.3
CVSSv2
CVE-2014-2262
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote malicious users to execute arbitrary code via a crafted SAS program.
Sas Base Sas 9.3
Sas Base Sas 9.4
Sas Base Sas 9.2
5
CVSSv2
CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and previous versions allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are ...
Sas Sas/intrnet
Sas Sas/intrnet 9.4
6.5
CVSSv2
CVE-2007-6763
SAS Drug Development (SDD) prior to 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Sas Sas Drug Development
4.3
CVSSv2
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform prior to 9.4M3 allows reflected XSS on the Timeout page.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
7.5
CVSSv2
CVE-2018-20732
SAS Web Infrastructure Platform prior to 9.4M6 allows remote malicious users to execute arbitrary code via a Java deserialization variant.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
5
CVSSv2
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform prior to 9.4M6 allows XXE.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
7.5
CVSSv2
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
10
CVSSv2
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
Sas Base 8.0
Sas Integration Technologies 8.0