CVE-2021-41569

HIGH EXPLOITED NUCLEI

SAS/Intrnet <9.4 build 1520 - Local File Inclusion

Title source: llm

Description

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.

Nuclei Templates (1)

SAS/Internet 9.4 1520 - Local File Inclusion

HIGHby 0x_Akoko

References (2)

[Exploit, Third Party Advisory] https://www.mindpointgroup.com/blog/high-risk-vulnerability-discovery-localfileinclusion-sas

[Vendor Advisory] https://support.sas.com/kb/68/641.html

Scores

CVSS v3 7.5

EPSS 0.7377

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-11-27

CWE

CWE-829

Status published

Products (2)

sas/sas\/intrnet 9.4 (2 CPE variants)

sas/sas\/intrnet < 9.4

Published Nov 19, 2021

Tracked Since Feb 18, 2026