Known Vulnerabilities for products from Sas
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Sas".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-24724 | A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, ... | 5.4 - MEDIUM | 2023-04-03 | 2023-11-07 |
| CVE-2022-25256 | SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list... | 6.1 - MEDIUM | 2022-02-19 | 2022-03-04 |
| CVE-2021-42186 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | Not Provided | 2022-03-10 | 2023-11-07 |
| CVE-2021-41569 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2021-11-19 | 2022-04-06 |
| CVE-2021-35475 | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editin... | 5.4 - MEDIUM | 2021-06-25 | 2021-07-01 |
| CVE-2020-9350 | Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. | 5.4 - MEDIUM | 2020-02-23 | 2020-02-24 |
| CVE-2020-7667 | In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize t... | 7.5 - HIGH | 2020-06-24 | 2021-12-21 |
| CVE-2019-14678 | SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple w... | 10 - CRITICAL | 2019-11-14 | 2019-11-22 |
| CVE-2018-20733 | BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | 7.5 - HIGH | 2019-01-17 | 2019-02-01 |
| CVE-2018-20732 | SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization var... | 9.8 - CRITICAL | 2019-01-17 | 2019-02-07 |
| CVE-2015-9281 | Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | 6.1 - MEDIUM | 2019-01-17 | 2019-01-24 |
| CVE-2014-5454 | Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated u... | Not Provided | 2014-08-25 | 2026-05-06 |
| CVE-2014-2262 | Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS 9.3 TS1M1 and TS1M2, and SAS 9.4 TS1M0 allows user-assis... | Not Provided | 2014-03-01 | 2026-04-29 |
| CVE-2007-6763 | SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to ac... | 8.8 - HIGH | 2019-07-31 | 2019-08-12 |
| CVE-2002-2018 | sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which caus... | Not Provided | 2002-12-31 | 2025-04-03 |
| CVE-2002-2017 | sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to referenc... | Not Provided | 2002-12-31 | 2025-04-03 |
| CVE-2002-0219 | Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.1 allows loc... | Not Provided | 2002-05-16 | 2025-04-03 |
| CVE-2002-0218 | Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn in SAS/Integration Technologies 8.0 and 8.... | Not Provided | 2002-05-16 | 2025-04-03 |
Known software with vulnerabilities from Sas
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sas | Base Sas | 9.2 |
| Application | Sas | Client Connection Profile Configuration | 9.2 |
| Application | Sas | Deployment Tester | 1.3 |
| Application | Sas | Deployment Tester Client | 1.3 |
| Application | Sas | Go Rpm Utils | 0.1.0 |
| Application | Sas | Intelligence Platform Object Framework | 9.2 |
| Application | Sas | Jmp | 9.0 |
| Application | Sas | Locale Setup Manager | 2.1 |
| Application | Sas | Management Console | 9.2 |
| Application | Sas | Sas Enterprise Guide | 4.3 |
| Application | Sas | Versioned Jar Repository | 9.2 |
| Application | Sas | Visual Analytics | 6.4 |
| Application | Sas | Xml Mapper | 9.2 |