← Back to CVE List
Vulnerability Analysis

CVE-2021-41569

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.

Nuclei Template
CVSS Base Score
7.5
HIGH
Exploitability:-
Impact Score:-
Temporal Score:-
EPSS:7.85%

Threat Intelligence Signals

CISA KEV
No
KEV Date Added
Ransomware Use
KEV Due Date
VulnCheck In-the-Wild
No
Nuclei Template
YES
EPSS Score
7.845%
EPSS Percentile
93.9th pct
GitHub Severity
HIGH

Identity & Timeline

Status-
Assigning Authority-
CVSS Version / Source-
Reserved-
Published-
Patch Date (date_public)-
Exploit DB Date-
First GitHub PoC Date-
Last Updated-
Time to Patch (Days to fix)-
Exploit Release Gap-
PoC Release Gap-
Exploit DB ReferencesNone identified

Affected Products & Versions

Vendor Product Affected Versions
No affected products specified.

References

No reference links found.

LINK COPIED TO CLIPBOARD