CVE-2018-20733
https://notcve.org/view.php?id=CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. BI Web Services en SAS Web Infrastructure Platform en versiones anteriores a la 9.4M6 permite XEE (XML External Entity). • http://support.sas.com/kb/62/987.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2015-9281
https://notcve.org/view.php?id=CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. Logon Manager en SAS Web Infrastructure Platform, en versiones anteriores a la 9.4M3, permite Cross-Site Scripting (XSS) reflejado en la página Timeout. • http://support.sas.com/kb/55/537.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-20732
https://notcve.org/view.php?id=CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. SAS Web Infrastructure Platform, en versiones anteriores a la 9.4M6, permite que atacantes remotos ejecuten código arbitrario mediante una variante de deserialización de Java. • http://www.securityfocus.com/bid/106648 https://support.sas.com/kb/63/391.html • CWE-502: Deserialization of Untrusted Data •