Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sas vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.1
Sas Sas Base 8.0
NA
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Sas Sas Base 8.0
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
NA
CVE-2014-2262
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote malicious users to execute arbitrary code via a crafted SAS program.
Sas Base Sas 9.3
Sas Base Sas 9.4
Sas Base Sas 9.2
7.5
CVSSv3
CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and previous versions allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are ...
Sas Sas\\/intrnet
Sas Sas\\/intrnet 9.4
8.8
CVSSv3
CVE-2007-6763
SAS Drug Development (SDD) prior to 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Sas Sas Drug Development
6.1
CVSSv3
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform prior to 9.4M3 allows reflected XSS on the Timeout page.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
7.5
CVSSv3
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform prior to 9.4M6 allows XXE.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
9.8
CVSSv3
CVE-2018-20732
SAS Web Infrastructure Platform prior to 9.4M6 allows remote malicious users to execute arbitrary code via a Java deserialization variant.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
10
CVSSv3
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
NA
CVE-2002-2018
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
Sas Base 8.0
Sas Integration Technologies 8.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »