Problem Note 56326: IBM Security AppScan might return a high-priority report "Reflected XSS method GET" in SAS® Workflow Administrator 1.4 and 1.4_M1
Severity: Medium
Description: When you access the SAS Workflow Administrator web application, security scanners such as IBM Security AppScan might return a high-priority "Reflected XSS method GET" report. This report indicates that the application might have reflected cross-site scripting vulnerabilities, in which escape characters and active JavaScript can potentially be passed to and processed on the server without sufficient control and filtering.
Potential Impact: Users might unknowingly execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| SAS System | SAS Workflow Administrator | Linux for x64 | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
| | | Microsoft® Windows® for x64 | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
| | | HP-UX IPF | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
| | | 64-bit Enabled AIX | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
| | | 64-bit Enabled Solaris | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
| | | Solaris for x64 | 1.4 | 1.4 | 9.4 TS1M2 | 9.4 TS1M2 |
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.
Escape characters and active JavaScript might potentially be passed and processed on the server without sufficient control and filtering when you access the SAS Workflow Administrator web application.
Type: Problem Note
Priority: medium
Date Modified: 2015-08-03 17:22:57
Date Created: 2015-07-31 15:24:45