Filtered by vendor Sas
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4932 | 1 Sas | 1 Integration Technologies | 2023-12-15 | N/A | 5.4 MEDIUM |
| SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versionsĀ 9.4_M7 andĀ 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. | |||||
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2021-07-01 | 3.5 LOW | 5.4 MEDIUM |
| SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | |||||
| CVE-2020-9350 | 1 Sas | 1 Visual Analytics | 2020-02-24 | 3.5 LOW | 5.4 MEDIUM |
| Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | |||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2019-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||||