3 matches found
CVE-2015-9281
CVE-2015-9281 concerns the Logon Manager in SAS Web Infrastructure Platform (pre-9.4M3). The vulnerability is a reflected XSS on the Timeout page, caused by insufficient input sanitization on that page. Affected component: Logon Manager’s web UI; the issue is triggered when processing user-contro...
CVE-2018-20732
CVE-2018-20732 affects SAS Web Infrastructure Platform prior to 9.4M6, where a Java deserialization variant allows remote code execution. The vulnerability impacts the platform’s deserialization handling, enabling arbitrary code execution by an authenticated or unauthenticated attacker over the n...
CVE-2018-20733
The vulnerability CVE-2018-20733 affects SAS Web Infrastructure Platform’s BI Web Services prior to 9.4M6. The root issue is an XML External Entity (XXE) exposure within BI Web Services, potentially impacting confidentiality as indicated by CVSS metrics (C: Partial, A: None, I: None for CVSS2; C:...