sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00642
Percentile: 0.69642

CVSS Scoring

Affected Products

• cpe:2.3:a:sas:base:8.0:*:*:*:*:*:*:*
• cpe:2.3:a:sas:integration_technologies:8.0:*:*:*:*:*:*:*

← Back to Home