CVE-2021-41569 – SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (i …

19 November 2021

Vuln ID: CVE-2021-41569

Published: 2021-11-19 18:15:09Z

Description: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.

Source: NVD.NIST.GOV

Date:

19 November 2021

Categories:

NVD

Tags:

NVD

Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens3 December 2023
Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns2 December 2023
ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever2 December 2023
CISA and Partners Release Joint Advisory on IRGC-Affiliated Cyber Actors Exploiting PLCs2 December 2023
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.2 December 2023