Sas: Security Vulnerabilities
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
CVSS Score
9.8
EPSS Score
0.043
Published
2019-01-17
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-01-17
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVSS Score
6.0
EPSS Score
0.014
Published
2014-08-25
Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote attackers to execute arbitrary code via a crafted SAS program.
CVSS Score
9.3
EPSS Score
0.098
Published
2014-03-01
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
CVSS Score
10.0
EPSS Score
0.006
Published
2002-12-31
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
CVSS Score
7.2
EPSS Score
0.0
Published
2002-12-31
Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via format specifiers in a command line argument.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-05-16
Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows local users to execute arbitrary code via large command line argument.
CVSS Score
7.2
EPSS Score
0.001
Published
2002-05-16
Page 2