19 matches found
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48734
Unrestricted file upload exists in SAS Studio 9.4 at the endpoint /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath}, enabling a remote attacker to upload malicious files. The vulnerability is disputed by the vendor, who notes that file upload is allowed for authorized users. Affected produc...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48733
CVE-2024-48733 describes a SQL injection vulnerability in SAS Studio 9.4 at the endpoint /SASStudio/sasexec/sessions/{sessionID}/sql. The issue allows a remote attacker to execute arbitrary SQL commands by sending data in the POST body, with high impact on confidentiality, integrity, and availabi...
PT-2024-33195 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4. Description: The issue allows a remote attacker to access internal files by manipulating the default path during file download through the /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath endpoint, using...
PT-2024-33193 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4. Description: A SQL injection issue exists in the /SASStudio/sasexec/sessions/sessionID/sql endpoint of SAS Studio, allowing a remote attacker to execute arbitrary SQL commands via the POST body request. This issue is...
CVE-2024-48735
CVE-2024-48735 : In SAS Studio 9.4, a Directory Traversal vulnerability exists in the /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} endpoint. A remote attacker could access internal files by manipulating the default path during file download. The vendor disputes the flaw, argui...
SAS Studio Security Vulnerability
SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands via a POST body request...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
PT-2024-33194 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4. Description: The issue concerns an unrestricted file upload in the /SASStudio/SASStudio/sasexec/sessionID/InternalPath endpoint, allowing a remote attacker to upload malicious files. This is disputed by the vendor as fi...