CVE-2024-48734

HIGH

SAS Studio 9.4 - Unrestricted File Upload

Title source: llm

Description

Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users.

References (2)

Core 2

Core References

Various Sources

http://sas.com

Various Sources

https://github.com/ACN-CVEs/CVE-2024-48734/blob/d59cca7b03bce3a516035d1a0f488d67c3d10ae6/Unrestricted%20file%20upload.pdf

Scores

CVSS v3 8.8

EPSS 0.0441

EPSS Percentile 89.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Published Oct 30, 2024

Tracked Since Feb 18, 2026