19 matches found
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48733
CVE-2024-48733 describes a SQL injection vulnerability in SAS Studio 9.4 at the endpoint /SASStudio/sasexec/sessions/{sessionID}/sql. The issue allows a remote attacker to execute arbitrary SQL commands by sending data in the POST body, with high impact on confidentiality, integrity, and availabi...
CVE-2024-48735
CVE-2024-48735: In SAS Studio 9.4, a Directory Traversal vulnerability exists in the /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} endpoint. A remote attacker could access internal files by manipulating the default path during file download. The vendor disputes the flaw, argui...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
PT-2024-33195 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: The issue allows a remote attacker to access internal files by manipulating the default path during file download through the /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath endpoint, using...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48733
SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...
CVE-2024-48734
Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...
PT-2024-33194 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: The issue concerns an unrestricted file upload in the /SASStudio/SASStudio/sasexec/sessionID/InternalPath endpoint, allowing a remote attacker to upload malicious files. This is disputed by the vendor as fi...
PT-2024-33193 · Sas · Sas Studio
Name of the Vulnerable Software and Affected Versions: SAS Studio version 9.4 Description: A SQL injection issue exists in the /SASStudio/sasexec/sessions/sessionID/sql endpoint of SAS Studio, allowing a remote attacker to execute arbitrary SQL commands via the POST body request. This issue is...
CVE-2024-48735
Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...
CVE-2024-48734
Unrestricted file upload exists in SAS Studio 9.4 at the endpoint /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath}, enabling a remote attacker to upload malicious files. The vulnerability is disputed by the vendor, who notes that file upload is allowed for authorized users. Affected produc...
SAS Studio Security Vulnerability
SAS Studio is a Web browser-based programming environment from SAS. A security vulnerability exists in SAS Studio version 9.4. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands via a POST body request...