{"id":6608,"date":"2021-04-14T13:27:53","date_gmt":"2021-04-14T11:27:53","guid":{"rendered":"https:\/\/the-s-unit.nl\/?p=6608"},"modified":"2024-07-26T12:00:16","modified_gmt":"2024-07-26T10:00:16","slug":"the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software","status":"publish","type":"post","link":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/","title":{"rendered":"The S-Unit finds three high impact vulnerabilities in SAS Business Intelligence software"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6608\" class=\"elementor elementor-6608\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-355baed elementor-section-full_width elementor-section-height-min-height elementor-section-height-default elementor-section-items-middle\" data-id=\"355baed\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ef0c981\" data-id=\"ef0c981\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-265bb9c elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"265bb9c\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div 
class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0a58aba\" data-id=\"0a58aba\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3276580 elementor-widget elementor-widget-text-editor\" data-id=\"3276580\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Multiple web services in the SAS application are vulnerable to Java deserialization attacks, and the REST endpoint \/SASBIWS\/rest\/services is vulnerable to XML External Entity attacks.<\/p><h3>Unauthenticated XML External Entities in SAS BI Web Services 9.4<\/h3><p>The REST endpoint \/SASBIWS\/rest\/services is vulnerable to XML External Entity attacks. The REST services use an XML parser to process requests. This XML parser is configured in such a way that it supports the interpretation of Document Type Definitions and the use of external (parameter) entities. 
This allows the endpoint to be used to read content from external sources, including local files on the underlying server and other servers on the LAN.<\/p><p>PoC:<br \/><code>curl -i -s -k --data-binary ' %y; ]&gt;\u00a0' -X $'POST' https:\/\/[target]\/SASBIWS\/rest\/services -H $'Content-Type: application\/xml'<\/code><br \/>Information and fix:\u00a0<a href=\"https:\/\/support.sas.com\/kb\/62\/987.html\">http:\/\/support.sas.com\/kb\/62\/987.html<\/a><br \/>CVE:\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-20733\" target=\"_blank\" rel=\"noopener\">CVE-2018-20733<\/a><\/p><h3>Unauthenticated Java deserialization in SAS Web Infra Platform and Search Interface to SAS Content<\/h3><p>Multiple web services in the SAS application are vulnerable to Java deserialization attacks. The SAS application contains web services, some of which expect serialized Java objects as input. The web services do not verify whether the input comes from a trusted source. As a result, these web services can be used to deserialize arbitrary Java objects, which in many cases can lead to undesired results, including full takeover of the server.<\/p><p>PoC:<br \/><code>java -jar ysoserial.jar BeanShell1 \"nslookup rcetest.[target].com\"<\/code><br \/><code>curl -i -s -k --data-binary sas_beanshell.txt -X $'POST' https:\/\/[target]\/SASWIPClientAccess\/remote\/ServiceRegistry -H \"Content-type: application\/java\"<\/code><br \/>Information and fix:\u00a0<a href=\"https:\/\/support.sas.com\/kb\/63\/391.html\">https:\/\/support.sas.com\/kb\/63\/391.html<\/a><br \/>CVE:\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-20732\" target=\"_blank\" rel=\"noopener\">CVE-2018-20732<\/a><\/p><h3>Reflected Cross-Site Scripting SAS Logon Manager 9.4<\/h3><p>The timeout page at https:\/\/[target]\/SASLogon\/timeout is still vulnerable to reflected Cross-Site Scripting. 
When a GET parameter containing JavaScript code is added to the URL, it is appended to window.location.href after the user clicks log out, and the code is executed.<\/p><p>PoC:<br \/><code>https:\/\/[target]\/SASLogon\/timeout?qq';alert(1);a= 'a<\/code><br \/>Information and fix:\u00a0<a href=\"https:\/\/support.sas.com\/kb\/55\/537.html\">http:\/\/support.sas.com\/kb\/55\/537.html<\/a><br \/>CVE:\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-9281\" target=\"_blank\" rel=\"noopener\">CVE-2015-9281<\/a><\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External\u202fEntity\u202faanvallen. Unauthenticated XML External Entities in SAS BI Web Services 9.4 Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External\u202fEntity\u202faanvallen. 
Er wordt door de REST services gebruik gemaakt van een XML\u202fparser\u202fvoor\u202fhet verwerken van de [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":607,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_header_footer","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-6608","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kwetsbaarheden"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Bas Labordus\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_GB\" \/>\n\t\t<meta property=\"og:site_name\" content=\"The S-Unit \u2013 Your Security Companion\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit\" \/>\n\t\t<meta property=\"og:description\" content=\"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2021-04-14T11:27:53+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-07-26T10:00:16+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#blogposting\",\"name\":\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \\u2013 The S-Unit\",\"headline\":\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software\",\"author\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/blabla\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/vulnerabilidades.jpg\",\"width\":800,\"height\":450},\"datePublished\":\"2021-04-14T13:27:53+02:00\",\"dateModified\":\"2024-07-26T12:00:16+02:00\",\"inLanguage\":\"en-GB\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#webpage\"},\"articleSection\":\"Kwetsbaarheden\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/the-s-unit.nl\\\/en\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/kwetsbaarheden\\\/#listItem\",\"n
ame\":\"Kwetsbaarheden\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/kwetsbaarheden\\\/#listItem\",\"position\":2,\"name\":\"Kwetsbaarheden\",\"item\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/kwetsbaarheden\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#listItem\",\"name\":\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#listItem\",\"position\":3,\"name\":\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/category\\\/kwetsbaarheden\\\/#listItem\",\"name\":\"Kwetsbaarheden\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\",\"name\":\"The S-Unit\",\"description\":\"Your Security 
Companion\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/\",\"telephone\":\"+31302074177\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/logo-simple.svg\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#organizationLogo\"},\"image\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/the-s-unit\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/blabla\\\/#author\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/blabla\\\/\",\"name\":\"Bas Labordus\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#authorImage\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/cropped-S-U_37841_E_024-scaled-1-96x96.jpeg\",\"width\":96,\"height\":96,\"caption\":\"Bas Labordus\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#webpage\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/\",\"name\":\"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \\u2013 The S-Unit\",\"description\":\"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \\\/SASBIWS\\\/rest\\\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \\\/SASBIWS\\\/rest\\\/services is kwetsbaar voor XML External Entity aanvallen. 
Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. Hierbij\",\"inLanguage\":\"en-GB\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/blabla\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/author\\\/blabla\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/vulnerabilidades.jpg\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#mainImage\",\"width\":800,\"height\":450},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\\\/#mainImage\"},\"datePublished\":\"2021-04-14T13:27:53+02:00\",\"dateModified\":\"2024-07-26T12:00:16+02:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/\",\"name\":\"The S-Unit\",\"description\":\"Your Security Companion\",\"inLanguage\":\"en-GB\",\"publisher\":{\"@id\":\"https:\\\/\\\/the-s-unit.nl\\\/en\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit","description":"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity 
aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. Hierbij","canonical_url":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#blogposting","name":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit","headline":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software","author":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/blabla\/#author"},"publisher":{"@id":"https:\/\/the-s-unit.nl\/en\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/vulnerabilidades.jpg","width":800,"height":450},"datePublished":"2021-04-14T13:27:53+02:00","dateModified":"2024-07-26T12:00:16+02:00","inLanguage":"en-GB","mainEntityOfPage":{"@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#webpage"},"isPartOf":{"@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#webpage"},"articleSection":"Kwetsbaarheden"},{"@type":"BreadcrumbList","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en#listItem","position":1,"name":"Home","item":"https:\/\/the-s-unit.nl\/en","nextItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/category\/kwetsbaarheden\/#listItem","name":"Kwetsbaarheden"}},{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl
\/en\/category\/kwetsbaarheden\/#listItem","position":2,"name":"Kwetsbaarheden","item":"https:\/\/the-s-unit.nl\/en\/category\/kwetsbaarheden\/","nextItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#listItem","name":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software"},"previousItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#listItem","position":3,"name":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software","previousItem":{"@type":"ListItem","@id":"https:\/\/the-s-unit.nl\/en\/category\/kwetsbaarheden\/#listItem","name":"Kwetsbaarheden"}}]},{"@type":"Organization","@id":"https:\/\/the-s-unit.nl\/en\/#organization","name":"The S-Unit","description":"Your Security Companion","url":"https:\/\/the-s-unit.nl\/en\/","telephone":"+31302074177","logo":{"@type":"ImageObject","url":"\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#organizationLogo"},"image":{"@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#organizationLogo"},"sameAs":["https:\/\/www.linkedin.com\/company\/the-s-unit"]},{"@type":"Person","@id":"https:\/\/the-s-unit.nl\/en\/author\/blabla\/#author","url":"https:\/\/the-s-unit.nl\/en\/author\/blabla\/","name":"Bas 
Labordus","image":{"@type":"ImageObject","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#authorImage","url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2023\/07\/cropped-S-U_37841_E_024-scaled-1-96x96.jpeg","width":96,"height":96,"caption":"Bas Labordus"}},{"@type":"WebPage","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#webpage","url":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/","name":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit","description":"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij","inLanguage":"en-GB","isPartOf":{"@id":"https:\/\/the-s-unit.nl\/en\/#website"},"breadcrumb":{"@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#breadcrumblist"},"author":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/blabla\/#author"},"creator":{"@id":"https:\/\/the-s-unit.nl\/en\/author\/blabla\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/vulnerabilidades.jpg","@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#mainImage","width":800,"height":450},"primaryImageOfPage":{"@id":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/#mainImage"},"datePublished":"2021-04-14T13:27:53+02:00","dateModified":"2024-07-26T12:00:16+02:00"},{"@type":"WebSite","@id":"https:\/\/the-s-unit.nl\/en\/#website","url":"https:\/\/the-s-unit.nl\/en\/","name":"The S-Unit","description":"Your Security Companion","inLanguage":"en-GB","publisher":{"@id":"https:\/\/the-s-unit.nl\/en\/#organization"}}]},"og:locale":"en_GB","og:site_name":"The S-Unit \u2013 Your Security Companion","og:type":"article","og:title":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit","og:description":"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij","og:url":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/","og:image":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","og:image:secure_url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg","article:published_time":"2021-04-14T11:27:53+00:00","article:modified_time":"2024-07-26T10:00:16+00:00","twitter:card":"summary_large_image","twitter:title":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software \u2013 The S-Unit","twitter:description":"Meerdere webservices op de SAS applicatie zijn kwetsbaar voor Java deserialisatie aanvallen en het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen.Unauthenticated XML External Entities in SAS BI Web Services 9.4Het rest endpoint \/SASBIWS\/rest\/services is kwetsbaar voor XML External Entity aanvallen. Er wordt door de REST services gebruik gemaakt van een XML parser voor het verwerken van de requests. 
Hierbij","twitter:image":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/logo-simple.svg"},"aioseo_meta_data":{"post_id":"6608","title":null,"description":null,"keywords":null,"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-07-26 09:24:25","updated":"2025-06-04 05:14:52","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/the-s-unit.nl\/en\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span 
class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/the-s-unit.nl\/en\/category\/kwetsbaarheden\/\" title=\"Kwetsbaarheden\">Kwetsbaarheden<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tThe S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/the-s-unit.nl\/en"},{"label":"Kwetsbaarheden","link":"https:\/\/the-s-unit.nl\/en\/category\/kwetsbaarheden\/"},{"label":"The S-Unit vindt drie high impact vulnerabilities in SAS Business Intelligence software","link":"https:\/\/the-s-unit.nl\/en\/the-s-unit-vindt-drie-high-impact-vulnerabilities-in-sas-business-intelligence-software\/"}],"jetpack_featured_media_url":"https:\/\/the-s-unit.nl\/wp-content\/uploads\/2021\/04\/vulnerabilidades.jpg","_links":{"self":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/6608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/comments?post=6608"}],"version-history":[{"count":8,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/6608\/revisions"}],"predecessor-version":[{"id":6616,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/posts\/6608\/revisions\/6616"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media\/607"}],"wp:attachment":[{"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/media?parent=6608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp-json\/wp\/v2\/categories?post=6608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/the-s-unit.nl\/en\/wp
-json\/wp\/v2\/tags?post=6608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}