57612 - The Apache Commons Collections library is vulnerable to remote code execution

Problem Note 57612: The Apache Commons Collections library is vulnerable to remote code execution

Severity: Critical

Description: The Apache Commons Collections library, which is used by many SAS^® products, is vulnerable to remote code execution. For information about exposure and fixes, see SAS Statement Regarding the Java Deserialization Vulnerability.

Potential Impact: An attacker might execute malicious code on the server.

Click the Hot Fix tab in this note to access the hot fix for this issue.

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Environment Manager Enablement Kit 2.2 is available at:

A fix for this issue for SAS Environment Manager 2.5 is available at:

A fix for this issue for Supplemental Hot Fix for SAS Security Update 9.4_M3 is available at:

A fix for this issue for SAS Environment Manager Agent 2.5 is available at:

A fix for this issue for SAS Environment Manager 2.3 is available at:

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

A fix for this issue for SAS Web Server 9.4_M1 is available at:

A fix for this issue for SAS Environment Manager 2.1 is available at:

A fix for this issue for SAS Environment Manager Agent 2.1 is available at:

A fix for this issue for SAS Web Server 9.4 is available at:

The Apache Commons Collections library, used by many SAS® products, is vulnerable to remote code execution.

Type:	Problem Note
Priority:	alert

Date Modified:	2018-04-05 11:38:04
Date Created:	2016-02-09 10:07:47