Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sas vulnerabilities and exploits
(subscribe to this query)
641
VMScore
CVE-2002-0218
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
Sas Sas Base 8.0
Sas Sas Base 8.1
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
641
VMScore
CVE-2002-0219
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
Sas Sas Integration Technologies 8.0
Sas Sas Integration Technologies 8.1
Sas Sas Base 8.1
Sas Sas Base 8.0
828
VMScore
CVE-2014-2262
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote malicious users to execute arbitrary code via a crafted SAS program.
Sas Base Sas 9.3
Sas Base Sas 9.4
Sas Base Sas 9.2
445
VMScore
CVE-2021-41569
SAS/Intrnet 9.4 build 1520 and previous versions allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are ...
Sas Sas\\/intrnet
Sas Sas\\/intrnet 9.4
578
VMScore
CVE-2007-6763
SAS Drug Development (SDD) prior to 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Sas Sas Drug Development
383
VMScore
CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform prior to 9.4M3 allows reflected XSS on the Timeout page.
Sas Web Infrastructure Platform
Sas Web Infrastructure Platform 9.4
668
VMScore
CVE-2018-20732
SAS Web Infrastructure Platform prior to 9.4M6 allows remote malicious users to execute arbitrary code via a Java deserialization variant.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
445
VMScore
CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform prior to 9.4M6 allows XXE.
Sas Web Infrastructure Platform 9.4
Sas Web Infrastructure Platform
668
VMScore
CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerab...
Sas Xml Mapper 9.45
Sas Base Sas 9.4
1 Github repository
890
VMScore
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
Sas Base 8.0
Sas Integration Technologies 8.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »