CVE-2023-4932

SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://cert.pl/en/posts/2023/12/CVE-2023-4932/	Third Party Advisory
https://cert.pl/posts/2023/12/CVE-2023-4932/	Third Party Advisory
https://support.sas.com/kb/70/265.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sas:integration_technologies:9.4:m7::::::
	cpe:2.3:a:sas:integration_technologies:9.4:m8::::::

History

15 Dec 2023, 15:11

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sas:integration_technologies:9.4:m8:::::: cpe:2.3:a:sas:integration_technologies:9.4:m7::::::
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
References	~~() https://cert.pl/posts/2023/12/CVE-2023-4932/ -~~	() https://cert.pl/posts/2023/12/CVE-2023-4932/ - Third Party Advisory
References	~~() https://support.sas.com/kb/70/265.html -~~	() https://support.sas.com/kb/70/265.html - Vendor Advisory
References	~~() https://cert.pl/en/posts/2023/12/CVE-2023-4932/ -~~	() https://cert.pl/en/posts/2023/12/CVE-2023-4932/ - Third Party Advisory

12 Dec 2023, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-12 10:15

Updated : 2024-02-05 00:22

NVD link : CVE-2023-4932

Mitre link : CVE-2023-4932

CVE.ORG link : CVE-2023-4932

JSON object : View

Products Affected

sas

integration_technologies

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-4932", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 1.5}]}, "published": "2023-12-12T10:15:10.483", "references": [{"url": "https://cert.pl/en/posts/2023/12/CVE-2023-4932/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2023/12/CVE-2023-4932/", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://support.sas.com/kb/70/265.html", "tags": ["Vendor Advisory"], "source": "cvd@cert.pl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions\u00a09.4_M7 and\u00a09.4_M8 were tested and confirmed to be vulnerable, status of others is unknown. For above mentioned versions hot fixes were published. \n"}, {"lang": "es", "value": "La aplicaci\u00f3n SAS es vulnerable a Cross-Site Scripting (XSS) Reflejado. La validaci\u00f3n de entrada incorrecta en el par\u00e1metro `_program` del endpoint `/SASStoredProcess/do` permite que se ejecute JavaScript arbitrario cuando un usuario autenticado abre una URL especialmente manipulada. El ataque es posible por parte de un usuario con pocos privilegios. Solo se probaron las versiones 9.4_M7 y 9.4_M8 y se confirm\u00f3 que eran vulnerables; se desconoce el estado de las dem\u00e1s. Para las versiones mencionadas anteriormente se publicaron revisiones."}], "lastModified": "2023-12-15T15:11:06.570", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sas:integration_technologies:9.4:m7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C561C2-B769-4F21-9D30-057F96599F5A"}, {"criteria": "cpe:2.3:a:sas:integration_technologies:9.4:m8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A55599A-5822-4EF7-981A-9EF637B316D7"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}