CVE-2022-25256 - OpenCVE

SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	Solaris
Microsoft	Windows
Ibm	Aix
Sas	Web Report Studio
Hpe	Hp-ux Ipfilter
Linux	Linux Kernel

Configuration 1 [-]

AND

cpe:2.3:a:sas:web_report_studio:4.4:*:*:*:*:*:*:*

OR	cpe:2.3:a:hpe:hp-ux_ipfilter:-:::::::*
	cpe:2.3:o:ibm:aix:-::::::x64:
	cpe:2.3:o:linux:linux_kernel:-::::::x64:
	cpe:2.3:o:microsoft:windows:-::::::x64:
	cpe:2.3:o:oracle:solaris:-::::::x64:

References

Link	Resource
https://github.com/RobertDra/CVE-2022-25256	Broken Link
https://sas.com	Product
https://support.sas.com/kb/62/972.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-19T00:17:15

Updated: 2022-02-24T16:36:57

Reserved: 2022-02-16T00:00:00

Link: CVE-2022-25256

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-19T01:15:08.157

Modified: 2022-03-04T14:12:17.017

Link: CVE-2022-25256

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-24T16:36:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sas.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/RobertDra/CVE-2022-25256"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.sas.com/kb/62/972.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-25256", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sas.com", "refsource": "MISC", "url": "https://sas.com"}, {"name": "https://github.com/RobertDra/CVE-2022-25256", "refsource": "MISC", "url": "https://github.com/RobertDra/CVE-2022-25256"}, {"name": "https://support.sas.com/kb/62/972.html", "refsource": "CONFIRM", "url": "https://support.sas.com/kb/62/972.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-25256", "datePublished": "2022-02-19T00:17:15", "dateReserved": "2022-02-16T00:00:00", "dateUpdated": "2022-02-24T16:36:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sas:web_report_studio:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "6DA45146-E919-457C-A6E1-E6A678B73E47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:hpe:hp-ux_ipfilter:-:*:*:*:*:*:*:*", "matchCriteriaId": "73630607-A91E-4D7C-ABB4-6F677BA3C585", "vulnerable": false}, {"criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:x64:*", "matchCriteriaId": "289B4B4D-D500-45C9-9BFE-E1A802740EDD", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:x64:*", "matchCriteriaId": "71BFBE5F-56EB-45C9-B558-FC4D7CEA345A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*", "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A", "vulnerable": false}, {"criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:x64:*", "matchCriteriaId": "63CA0FD9-03F3-4429-96B0-82BA20A7D3D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL."}, {"lang": "es", "value": "SAS Web Report Studio versi\u00f3n 4.4, permite un ataque de tipo XSS. El archivo /SASWebReportStudio/logonAndRender.do presenta dos par\u00e1metros: saspfs_request_backlabel_list y saspfs_request_backurl_list. El primero afecta al contenido del bot\u00f3n situado en la parte superior izquierda. El segundo afecta a la p\u00e1gina a la que es dirigida el usuario tras pulsar el bot\u00f3n, por ejemplo, una p\u00e1gina web maliciosa. Adem\u00e1s, el segundo par\u00e1metro ejecuta JavaScript, lo que significa que el ataque de tipo XSS es posible a\u00f1adiendo un javascript: URL"}], "id": "CVE-2022-25256", "lastModified": "2022-03-04T14:12:17.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-19T01:15:08.157", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://github.com/RobertDra/CVE-2022-25256"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://sas.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.sas.com/kb/62/972.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}