Security Advisory

CVE-2024-48735

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-10-30 00:00:00

Last updated 2024-11-01 13:13:28

Assigner mitre

State PUBLISHED

Description

Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users.

← Browse all CVEs View on cve.org ↗