Deserialization of untrusted data

2019-01-1701:29:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.7%

JSON

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

CPENameOperatorVersion
web_infrastructure_platformlt9.4
web_infrastructure_platformeq9.4
web_infrastructure_platformeq9.4 maintenancerelease1
web_infrastructure_platformeq9.4 maintenancerelease2
web_infrastructure_platformeq9.4 maintenancerelease3
web_infrastructure_platformeq9.4 maintenancerelease4
web_infrastructure_platformeq9.4 maintenancerelease5

Name	Operator	Version
web_infrastructure_platform	lt	9.4
web_infrastructure_platform	eq	9.4
web_infrastructure_platform	eq	9.4 maintenancerelease1
web_infrastructure_platform	eq	9.4 maintenancerelease2
web_infrastructure_platform	eq	9.4 maintenancerelease3
web_infrastructure_platform	eq	9.4 maintenancerelease4
web_infrastructure_platform	eq	9.4 maintenancerelease5

References

www.securityfocus.com/bid/106648

support.sas.com/kb/63/391.html