Problem Note 60265: Arbitrary redirection from SAS® 9.4 Logon Manager results in a phishing vulnerability
 |  |  |  |  |
Severity: Medium
Description: Arbitrary redirection from the logoff URL in SAS 9.4 Logon Manager results in a phishing vulnerability.
Potential Impact: It is possible that the logon service can be manipulated to redirect users to malicious URLs in order to capture their credentials or to otherwise compromise the system.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Web Infrastructure Platform | Microsoft® Windows® for x64 | 9.4 TS1M0 | 9.4 TS1M5 |
| 64-bit Enabled AIX | 9.4 TS1M0 | 9.4 TS1M5 | ||
| 64-bit Enabled Solaris | 9.4 TS1M0 | 9.4 TS1M5 | ||
| HP-UX IPF | 9.4 TS1M0 | 9.4 TS1M5 | ||
| Linux for x64 | 9.4 TS1M0 | 9.4 TS1M5 | ||
| Solaris for x64 | 9.4 TS1M0 | 9.4 TS1M5 | ||
A fix for this issue for SAS Middle Tier 9.4_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A4I.html#60265A fix for this issue for SAS Middle Tier 9.4_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V10.html#60265A fix for this issue for SAS Middle Tier 9.4_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/R75.html#60265A fix for this issue for SAS Middle Tier 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M92.html#60265| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-02-22 10:33:31 |
| Date Created: | 2017-04-06 15:15:30 |