PT-2023-19749 · Sas · Sas 9.4 Admin Console+1

Published

2023-04-03

Updated

2023-04-11

CVE-2023-24724

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAS Web Administration interface (SASAdmin) versions 9.4 M2 through 9.4 M2 SAS release versions 9.4 TS1M2 through 9.4 TS1M2

Description A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields.

Recommendations For SAS Web Administration interface (SASAdmin) version 9.4 M2, update to version 9.4 M3. For SAS release version 9.4 TS1M2, update to version 9.4 TS1M3.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-24724

Affected Products

Sas 9.4 Admin Console

Sas Web Administration Interface

PT-2023-19749 · Sas · Sas 9.4 Admin Console+1

CVE-2023-24724

Weakness Enumeration

Related Identifiers

Affected Products

References · 8