Описание
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 9.4 (исключая)
Одновременно
Одно из
cpe:2.3:a:sas:web_infrastructure_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:-:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_1:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_2:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_3:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_4:*:*:*:*:*:*
cpe:2.3:a:sas:web_infrastructure_platform:9.4:maintenance_release_5:*:*:*:*:*:*
Одно из
cpe:2.3:a:hpe:hp-ux_ipfilter:-:*:*:*:*:*:*:*
cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x64:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*
cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*
EPSS
Процентиль: 89%
0.04279
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.
EPSS
Процентиль: 89%
0.04279
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-502