CVE-2023-4932

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 12, 2023

Updated: Dec 15, 2023

CWE ID 79

Summary

CVE-2023-4932: SAS application versions 9.4_M7 and 9.4_M8 are vulnerable to Reflected Cross-Site Scripting (XSS) due to insufficient input validation in the `_program` parameter of the `/SASStoredProcess/do` endpoint. This issue allows an attacker to inject and execute arbitrary JavaScript code when an authenticated user opens a specially crafted URL. Although this vulnerability can be exploited by a low-privileged user, its impact on higher privilege levels is yet to be determined. Hot fixes have been released for the affected versions to address this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Special Air Service

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/srIlYk
https://www.cve.org/CVERecord?id=CVE-2023-4932
https://nvd.nist.gov/vuln/detail/CVE-2023-4932

Back to Vulnerability Database

CVE-2023-4932

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations