Sas Integration Technologies 9.4 M7
Approved changes feed: RSS · Atom
cpe:2.3:a:sas:integration_technologies:9.4:m7:*:*:*:*:*:*
part: a version: 9.4 update: m7
| Vendor | Sas (92141fd0-1bae-5599-a81e-a7636e003c39) |
|---|---|
| Product | Integration Technologies (5ca1dfbe-1bf3-56d6-a8a5-8cf21b7ca23f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-4932 |
vulnerable | 2026-06-03 14:53:30.211178 |
Reflected Cross-Site Scripting in SAS 9.4
MEDIUM (6.3)
SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.
Published: 2023-12-12T09:48:23.274Z
Updated: 2024-08-02T07:44:53.339Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.