CVE-2007-6763
HIGHSAS Drug Development < 32drg02 - Unauthenticated Resource Access via Browser Back Button
Title source: llmDescription
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
http://ftp.sas.com/techsup/download/hotfix/drugdev/32drg02/SDD_Release_Notes_32DRG02.pdf
Scores
CVSS v3
8.8
EPSS
0.0132
EPSS Percentile
67.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
sas/sas_drug_development
< 32drg02
Published
Jul 31, 2019
Tracked Since
Feb 18, 2026