PT-2020-20604 · Sas · Sas Visual Analytics

Published

2020-02-23

Updated

2020-02-24

CVE-2020-9350

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAS Visual Analytics version 8.5

Description The issue allows for cross-site scripting (XSS) via a graph template that is accessed directly in the Graph Builder component.

Recommendations For SAS Visual Analytics version 8.5, consider restricting access to graph templates to minimize the risk of exploitation until a patch is available.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-9350

Affected Products

Sas Visual Analytics

PT-2020-20604 · Sas · Sas Visual Analytics

CVE-2020-9350

Weakness Enumeration

Related Identifiers

Affected Products

References · 4