Web Report Studio Security Vulnerabilities and Issues — Web Report Studio CVE List

Lucene search

SasWeb Report Studio

4 matches found

CVE•added 2022/02/19 1:15 a.m.•85 views

CVE-2022-25256

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pres...

6.1CVSS5.9AI score0.00747EPSS

CVE•added 2024/10/30 9:15 p.m.•45 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.7CVSS7.6AI score0.00818EPSS

CVE•added 2024/10/30 9:15 p.m.•44 views

CVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users.

8.8CVSS6.7AI score0.00611EPSS

CVE•added 2024/10/30 9:15 p.m.•39 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.

8.8CVSS8.3AI score0.02081EPSS