Problem Note 62494: SAS® Visual Analytics contains an XML External Entity (XXE) vulnerability
 |  |  |  |  |
Severity: High
Description: The SAS Visual Analytics application accepts XML documents and processes external entities defined therein, within the View Report area of the application.
Potential Impact: This vulnerability might be exploited to gain unauthorized access to files on the file system or to perform a Denial of Service attack.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Visual Analytics | Microsoft® Windows® for x64 | 7.4 | 8.3 | Viya | |
| Linux for x64 | 7.4 | 8.3 | Viya | |||
An update for this issue is available for SAS Viya 3.3. For instructions on how to access and apply software updates, see the Managing Your Software section of the SAS Viya 3.3 Administration document at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.3&softwareContextId=softwareUpdatesA fix for this issue for SAS Visual Analytics 7.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B2B.html#62494A fix for this issue for SAS Visual Analytics 7.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V90.html#62494| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-03-13 12:57:40 |
| Date Created: | 2018-06-20 08:39:08 |