Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:31 a.m.9 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.7CVSS7.6AI score0.00954EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 9:15 p.m.12 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...

8.8CVSS0.00706EPSS
Exploits0References2
NVD
NVD
added 2024/10/30 9:15 p.m.15 views

CVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...

8.8CVSS0.00594EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 9:15 p.m.26 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.7CVSS0.00954EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.255 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/sessionID/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users...

0.00706EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.17 views

CVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...

7AI score0.00594EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.21 views

CVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/sessionID/InternalPath in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users...

0.00594EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.14 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.6AI score0.00954EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.26 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/sessionID/workspace/InternalPath in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

0.00954EPSS
Exploits0References1
Rows per page
Query Builder