The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SAS Base SAS Software

security bulletin CVE-2018-11039

Spring Framework: information disclosure via Cross Site Tracing

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/06/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-11039, VIGILANCE-VUL-26439.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Cross Site Tracing of Spring Framework, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-1257

Spring Framework: denial of service via Spring-messaging

Synthesis of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/05/2018.
Identifiers: cpuapr2019, cpujan2019, cpujul2019, cpuoct2018, CVE-2018-1257, VIGILANCE-VUL-26088.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Spring-messaging of Spring Framework, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2018-1275

Spring Framework: information disclosure via Multipart Content

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 10/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1275, VIGILANCE-VUL-25828.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2018-1272

Spring Framework: information disclosure via Multipart Content

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1272, RHSA-2018:2669-01, VIGILANCE-VUL-25785.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass access restrictions to data via Multipart Content of Spring Framework, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness announce CVE-2018-1271

Spring Framework: directory traversal via Spring MVC

Synthesis of the vulnerability

An attacker can traverse directories via Spring MVC of Spring Framework, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1271, RHSA-2018:2669-01, VIGILANCE-VUL-25784.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories via Spring MVC of Spring Framework, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2018-1270

Spring Framework: code execution via spring-messaging

Synthesis of the vulnerability

An attacker can use a vulnerability via spring-messaging of Spring Framework, in order to run code.
Severity: 3/4.
Creation date: 06/04/2018.
Identifiers: cpujan2019, cpujul2018, cpujul2019, cpuoct2018, CVE-2018-1270, VIGILANCE-VUL-25783.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via spring-messaging of Spring Framework, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2017-7957

XStream: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of XStream, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 02/05/2017.
Identifiers: 2004066, 2008217, CVE-2017-7957, DLA-930-1, DSA-3841-1, RHSA-2017:1832-01, RHSA-2017:2888-01, RHSA-2017:2889-01, VIGILANCE-VUL-22600.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error of XStream, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness note CVE-2016-6814

Apache Groovy: code execution

Synthesis of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.
Severity: 2/4.
Creation date: 23/01/2017.
Identifiers: cpuapr2018, cpujan2018, cpujan2019, cpujul2019, cpuoct2017, CVE-2016-6814, DLA-794-1, FEDORA-2017-1ce2a05ff1, FEDORA-2017-33c8085c5d, FEDORA-2017-661dddc462, FEDORA-2017-cc0e0daf0f, RHSA-2017:0272-01, RHSA-2017:0868-01, RHSA-2017:2486-01, RHSA-2017:2596-01, VIGILANCE-VUL-21640.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability of Apache Groovy, in order to run code.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2016-9878

Spring Framework: directory traversal via ResourceServlet

Synthesis of the vulnerability

An attacker can traverse directories via ResourceServlet of Spring Framework, in order to read a file outside the service root path.
Severity: 2/4.
Creation date: 22/12/2016.
Identifiers: 1996375, 2015813, CST-7122, CST-7123, CST-7124, CST-7125, CST-7126, CST-7127, CST-7128, CST-7129, CST-7130, CST-7131, CVE-2016-9878, DLA-1853-1, FEDORA-2016-f341d71730, RHSA-2017:3115-01, VIGILANCE-VUL-21453.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Spring Framework product offers a web service.

However, user's data are directly inserted in an access path. Sequences such as "/.." can thus be used to go in the upper directory.

An attacker can therefore traverse directories via ResourceServlet of Spring Framework, in order to read a file outside the service root path.
Full Vigil@nce bulletin... (Free trial)

security alert CVE-2016-7052

OpenSSL 1.0.2i: NULL pointer dereference via CRL

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 26/09/2016.
Identifiers: 1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, TNS-2016-16, VIGILANCE-VUL-20701.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The OpenSSL version 1.0.2i product fixed a bug in CRL management.

However, this fix does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SAS Base SAS Software: