SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 60437: A cross-site scripting vulnerability exists in the Preferences web application for SAS® 9.3 TS1M0 and later

DetailsHotfixAboutRate It

Severity: Medium

Description: A cross-site scripting vulnerability exists in the Preferences web application because of the lack of sanitization in URL parameters.

Potential Impact: A user can unknowingly execute malicious code.

Click the Hot Fix tab in this note to access the hot fix for this issue.



Operating System and Release Information

Product FamilyProductSystemProduct ReleaseSAS Release
ReportedFixed*ReportedFixed*
SAS SystemSAS Web Infrastructure Platformz/OS9.39.4_M49.3 TS1M09.4 TS1M4
Microsoft® Windows® for x649.39.4_M49.3 TS1M09.4 TS1M4
64-bit Enabled AIX9.39.4_M49.3 TS1M09.4 TS1M4
64-bit Enabled Solaris9.39.4_M49.3 TS1M09.4 TS1M4
HP-UX IPF9.39.4_M49.3 TS1M09.4 TS1M4
Linux for x649.39.4_M49.3 TS1M09.4 TS1M4
Solaris for x649.39.4_M49.3 TS1M09.4 TS1M4
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.