PT-2023-19749 · Sas · Sas 9.4 Admin Console+1

Publicado

2023-04-03

Atualizado

2023-04-11

CVE-2023-24724

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAS Web Administration interface (SASAdmin) versions 9.4 M2 through 9.4 M2 SAS release versions 9.4 TS1M2 through 9.4 TS1M2

Description A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields.

Recommendations For SAS Web Administration interface (SASAdmin) version 9.4 M2, update to version 9.4 M3. For SAS release version 9.4 TS1M2, update to version 9.4 TS1M3.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-24724

Produtos afetados

Sas 9.4 Admin Console

Sas Web Administration Interface

PT-2023-19749 · Sas · Sas 9.4 Admin Console+1

CVE-2023-24724

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8