CVE

CVE-2018-20732

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Back to all

CVE

CVE-2018-20732

SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

9.8

3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8

3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Related Resources

No items found.

References

http://www.securityfocus.com/bid/106648, https://support.sas.com/kb/63/391.html

Severity

9.8

CVSS Score

Basic Information

Ecosystem

Base CVSS

9.8

EPSS Probability

0.04279%

EPSS Percentile

0.88614%

Introduced Version

Fix Available

daa5b2d869ee5a16f3ef9035aa0ad3c70cf4028e

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2018-20732

CVE-2018-20732

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

9.8

Basic Information

Fix Critical Vulnerabilities Instantly