Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sas vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Sas Sas Base 8.0
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
7.2
CVSSv2
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.1
Sas Sas Base 8.0
9.3
CVSSv2
CVE-2014-2262
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote malicious users to execute arbitrary code via a crafted SAS program.
Sas Base Sas 9.3
Sas Base Sas 9.4
Sas Base Sas 9.2
5
CVSSv2
CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and previous versions allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are ...
Sas Sas\\/intrnet
Sas Sas\\/intrnet 9.4
6.5
CVSSv2
CVE-2007-6763
SAS Drug Development (SDD) prior to 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Sas Sas Drug Development
7.5
CVSSv2
CVE-2018-20732
SAS Web Infrastructure Platform prior to 9.4M6 allows remote malicious users to execute arbitrary code via a Java deserialization variant.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
5
CVSSv2
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform prior to 9.4M6 allows XXE.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
4.3
CVSSv2
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform prior to 9.4M3 allows reflected XSS on the Timeout page.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
10
CVSSv2
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
Sas Base 8.0
Sas Integration Technologies 8.0
7.2
CVSSv2
CVE-2002-2018
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
Sas Base 8.0
Sas Integration Technologies 8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »