Problem Note 55009: Data not validated by the SAS® Web Application Server might be entered in SAS® Marketing Optimization, creating a security vulnerability
There is a security vulnerability in SAS Marketing Optimization whereby SQL queries are being run on the SAS Web Application Server without validation.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| SAS System | SAS Marketing Optimization | Solaris for x64 | 6.3 | | 9.4 TS1M3 | |
| Linux for x64 | 6.3 | | 9.4 TS1M3 | |
| HP-UX IPF | 6.3 | | 9.4 TS1M3 | |
| 64-bit Enabled Solaris | 6.3 | | 9.4 TS1M3 | |
| 64-bit Enabled AIX | 6.3 | | 9.4 TS1M3 | |
| Microsoft® Windows® for x64 | 6.3 | | 9.4 TS1M3 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
It is possible to enter data in SAS Marketing Optimization that has not been validated by the SAS Web Application Server, thereby creating a security vulnerability.
| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2015-03-10 11:24:37 |
| Date Created: | 2015-01-16 11:10:26 |
