3 matches found
CVE-2002-2018
CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.
CVE-2023-4932
The CVE-2023-4932 entry is supported by multiple connected sources confirming a Reflected Cross-Site Scripting (XSS) flaw in SAS Stored Process Web Application. Affected software: SAS 9.4_M7 and 9.4_M8. Root cause: improper input validation in the _program parameter of the /SASStoredProcess/do en...
CVE-2002-2017
The CVE-2002-2017 issue affects SAS/Base 8.0 where local users can cause arbitrary code execution by abusing sastcpd’s authprog environment variable to reference a malicious program, which is then executed by sastcpd. The root cause is the use of an environment variable (authprog) that dictates w...