Problem Note 56560: SAS® Content Server is vulnerable to an XML external entity exploitation (CVE-2015-1833)
 |  |  |  |  |
Severity: Medium
Description: SAS Content Server is vulnerable to an XML external entity exploitation, as described in the Vulnerability Summary for CVE-2015-1833.
Potential Impact: An attacker might gain unauthorized access to files.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Content Server | Microsoft® Windows® for x64 | 9.3 TS1M0 | 9.4 TS1M4 |
| Microsoft Windows Server 2003 Datacenter Edition | 9.3 TS1M0 | |||
| Microsoft Windows Server 2003 Enterprise Edition | 9.3 TS1M0 | |||
| Microsoft Windows Server 2003 Standard Edition | 9.3 TS1M0 | |||
| Microsoft Windows Server 2003 for x64 | 9.3 TS1M0 | |||
| Microsoft Windows Server 2008 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Microsoft Windows Server 2008 R2 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Microsoft Windows Server 2008 for x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Microsoft Windows XP Professional | 9.3 TS1M0 | |||
| Windows 7 Enterprise 32 bit | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Enterprise x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Home Premium 32 bit | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Home Premium x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Professional 32 bit | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Professional x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Ultimate 32 bit | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows 7 Ultimate x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Windows Vista | 9.3 TS1M0 | |||
| Windows Vista for x64 | 9.3 TS1M0 | |||
| Linux | 9.3 TS1M0 | 9.4 TS1M4 | ||
| Linux for x64 | 9.3 TS1M0 | 9.4 TS1M4 | ||
A fix for this issue for SAS Management Console 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V11.html#56560A fix for this issue for SAS Middle Tier 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V10.html#56560A fix for this issue for SAS Middle Tier 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R75.html#56560A fix for this issue for SAS Middle Tier 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M92.html#56560A fix for this issue for SAS Middle Tier 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L49.html#56560A fix for this issue for SAS Middle Tier 9.3_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I14.html#56560A fix for this issue for SAS Middle Tier 9.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G38.html#56560A fix for this issue for SAS MIddle Tier 9.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/P72.html#56560| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2015-09-09 15:30:19 |
| Date Created: | 2015-09-09 09:58:08 |