2 matches found
CVE-2019-14678
SAS XML Mapper 9.45 contains an XML External Entity (XXE) vulnerability in its XML parsing, also affecting the XMLV2 LIBNAME engine when AUTOMAP is used. The issue enables attackers to perform Local File Reading, Out Of Band File Exfiltration, Server-Side Request Forgery, and Potential Denial of ...
CVE-2014-2262
Buffer overflow in the client application of Base SAS 9.2 TS2M3, SAS 9.3 TS1M1/TS1M2, and SAS 9.4 TS1M0 allows user-assisted remote code execution via a crafted SAS program. Root cause: overflow in the client’s handling of SAS programs (no details on specific file/func). Impact: arbitrary code ex...