S4E

CVE-2021-41569 Scanner

Detects a Local File Inclusion (LFI) vulnerability in SAS/IntrNet that affects version 9.4 build 1520 and earlier.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: URL
Toolbox: -

SAS/IntrNet is a software product used for building web applications in the SAS programming language. Organizations use it to create interactive reports, data visualizations, and custom applications. The software allows rapid development of web-based applications that are deployed locally or in the cloud. Its popularity stems from its ease of use, flexibility, and ability to integrate with different systems.

One of the vulnerabilities detected in SAS/IntrNet is CVE-2021-41569. This vulnerability arises from a local file inclusion issue that affects SAS/IntrNet 9.4 build 1520 and earlier. Specifically, the appstart.sas file in the samples library included in the software opens an avenue for end-users to access the sample.webcsf1.sas program. This program contains user-controlled macro variables that are passed to the DS2CSF macro. An attacker can exploit this vulnerability by bypassing the context of the configured user-controllable variable and executing additional functions native to the macro that are not accounted for in the library.

If exploited, this vulnerability can lead to unauthorized file access, data exfiltration, and remote code execution, which can result in a complete system compromise. Attackers can use the information acquired from the file system to launch further attacks, such as phishing campaigns targeting users or even gaining unauthorized access to other parts of the system.
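For asset owners reviewing exposure, the following added example (not S4E's scanner and not SAS code) scans web server access logs for requests that invoke the sample.webcsf1.sas program named above. The `_program` query parameter name, the `/cgi-bin/broker` path, the combined log layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Program name taken from the page; the "_program" parameter name and the
# combined-log layout are assumptions about the deployment being reviewed.
SAMPLE_PROGRAM = "sample.webcsf1.sas"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def normalise(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are unwrapped."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip().lower()

def find_sample_program_requests(lines):
    """Return (client, timestamp, status) for requests invoking the sample program."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, ts, _method, target, status = m.groups()
        query = urlsplit(target).query
        # parse_qsl decodes once; normalise() handles case and extra encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if normalise(name) == "_program" and normalise(value) == SAMPLE_PROGRAM:
                hits.append((client, ts, int(status)))
                break
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2024:10:00:01 +0000] "GET /cgi-bin/broker?_service=default&_program=reports.sales.sas HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2024:10:02:13 +0000] "GET /cgi-bin/broker?_service=default&_program=sample.webcsf1.sas HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Mar/2024:10:02:40 +0000] "GET /cgi-bin/broker?_SERVICE=default&_PROGRAM=Sample%2Ewebcsf1%2Esas HTTP/1.1" 200 2048',
    '203.0.113.5 - - [01/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for client, ts, status in find_sample_program_requests(SAMPLE_LOG):
        print(f"{ts} {client} status={status} invoked {SAMPLE_PROGRAM}")
```

Access logs normally record only the query string, so requests that carry the program name in a POST body will not appear here and need application-level or proxy logging to review.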

Those who read this article can quickly learn about vulnerabilities in their digital assets by using the pro features of the s4e.io platform. This platform offers vulnerability scanning, patch management, and threat intelligence services that can help organizations identify, assess, and mitigate risks to their systems. By using this platform, organizations can keep their systems secure and ensure they remain protected against ever-evolving cyber threats.
