CVE-2021-41569P2HIGHCVSS 7.5ExploitedPoCfixed in 9.4·v9.42021-11-19
CVE-2021-41569 [HIGH] CWE-829 CVE-2021-41569: SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-con
nvd