CVE-2007-6763

Published: Jul 31, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.

Affected (1)

Products: Sas: Sas Drug Development

Sas

1 product

Sas Drug Development

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sas Sas Drug Development	Before 32drg02

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://ftp.sas.com/techsup/download/hotfix/drugdev/32drg02/SDD_Release_Notes_32DRG02.pdf

Source: cve@mitre.org

Vendor Advisory

http://ftp.sas.com/techsup/download/hotfix/drugdev/32drg02/SDD_Release_Notes_32DRG02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.