SAS® Environment Manager contains an Insecure Direct Object Reference (IDOR) vulnerability


Severity: Medium

Description: An IDOR vulnerability in SAS Environment Manager might allow unauthorized access to the Groovy Console plug-in by directly manipulating request parameters. Although the plug-in is not exposed in the user interface, it remains accessible if its internal identifier is known. This issue affects SAS® 9.4M8 (TS1M8) and later versions.

Potential Impact: This vulnerability might allow unauthorized users to access the Groovy Console plug-in, which is not intended to be exposed. As a result, limited unauthorized access to functionality within SAS Environment Manager can occur.
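
The flaw class described above, as an added example that is not SAS code: a plug-in hidden from the menu stays reachable by identifier unless the request handler performs its own authorization check. Every name and identifier below is hypothetical, and the registry is constructed sample data.

```python
# Added illustration. All names and ids are hypothetical, not SAS Environment Manager internals.
from dataclasses import dataclass

@dataclass(frozen=True)
class Plugin:
    plugin_id: int
    name: str
    required_role: str  # minimum role allowed to use the plug-in
    listed: bool        # whether the UI menu shows it

# Constructed sample registry: one listed plug-in, one hidden administrative one.
PLUGINS = {
    101: Plugin(101, "Health Report", "user", True),
    102: Plugin(102, "Script Console", "admin", False),
}
ROLE_RANK = {"user": 1, "admin": 2}

class NotFound(Exception):
    pass

def allowed(role, plugin):
    # Unknown roles rank 0 and are denied everything.
    return ROLE_RANK.get(role, 0) >= ROLE_RANK[plugin.required_role]

def menu_for(role):
    # Presentation only: hiding an entry here is not access control.
    return [p.name for p in PLUGINS.values() if p.listed and allowed(role, p)]

def open_plugin_weak(role, plugin_id):
    # Flawed pattern: trusts the id from the request because the menu never offered it.
    plugin = PLUGINS.get(plugin_id)
    if plugin is None:
        raise NotFound(plugin_id)
    return f"opened {plugin.name}"

def open_plugin_checked(role, plugin_id, audit):
    # Hardened pattern: authorize on every request, independent of what the UI listed.
    plugin = PLUGINS.get(plugin_id)
    if plugin is None or not allowed(role, plugin):
        # Same response for "missing" and "forbidden" so ids cannot be probed,
        # and the denial is recorded for detection.
        audit.append((role, plugin_id, "denied"))
        raise NotFound(plugin_id)
    audit.append((role, plugin_id, "allowed"))
    return f"opened {plugin.name}"
```

The audit list stands in for an access log: denied requests for identifiers that the menu never offered to that role are the signal worth alerting on.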