CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2015-9281
https://notcve.org/view.php?id=CVE-2015-9281
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. Logon Manager en SAS Web Infrastructure Platform, en versiones anteriores a la 9.4M3, permite Cross-Site Scripting (XSS) reflejado en la página Timeout. • http://support.sas.com/kb/55/537.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2018-20732
https://notcve.org/view.php?id=CVE-2018-20732
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. SAS Web Infrastructure Platform, en versiones anteriores a la 9.4M6, permite que atacantes remotos ejecuten código arbitrario mediante una variante de deserialización de Java. • http://www.securityfocus.com/bid/106648 https://support.sas.com/kb/63/391.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2018-20733
https://notcve.org/view.php?id=CVE-2018-20733
BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. BI Web Services en SAS Web Infrastructure Platform en versiones anteriores a la 9.4M6 permite XEE (XML External Entity). • http://support.sas.com/kb/62/987.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2541
https://notcve.org/view.php?id=CVE-2019-2541
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106587 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2544
https://notcve.org/view.php?id=CVE-2019-2544
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.0 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •