PT-2019-10191 · Sas · Sas Web Infrastructure Platform

Published

2019-01-17

·

Updated

2019-02-07

·

CVE-2018-20732

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAS Web Infrastructure Platform versions prior to 9.4M6
Description: The issue allows remote attackers to execute arbitrary code via a Java deserialization variant.
Recommendations: For versions prior to 9.4M6, update to version 9.4M6 or later to resolve the issue.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-20732

Affected Products

Sas Web Infrastructure Platform