Web Report Studio@9.4 Security Vulnerabilities and Issues — Web Report Studio@9.4 CVE List

Lucene search

SasWeb Report Studio9.4

3 matches found

CVE•added 2024/10/30 9:15 p.m.•45 views

CVE-2024-48735

Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized...

7.7CVSS7.6AI score0.00818EPSS

CVE•added 2024/10/30 9:15 p.m.•44 views

CVE-2024-48734

Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users.

8.8CVSS6.7AI score0.00611EPSS

CVE•added 2024/10/30 9:15 p.m.•39 views

CVE-2024-48733

SQL injection vulnerability in /SASStudio/sasexec/sessions/{sessionID}/sql in SAS Studio 9.4 allows remote attacker to execute arbitrary SQL commands via the POST body request. NOTE: this is disputed by the vendor because SQL statement execution is allowed for authorized users.

8.8CVSS8.3AI score0.02081EPSS