Problem Note 62039: Lack of URL sanitization in SAS® Contextual Analysis
Title: Lack of URL sanitization in SAS Contextual Analysis
Severity: Medium
Description: SAS Contextual Analysis URL accepts JavaScript code as a parameter, and executes the JavaScript code on the browser.
Potential Impact: You might unknowingly execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Contextual Analysis | Microsoft® Windows® for x64 | 14.2 | | 9.4 TS1M4 | |
64-bit Enabled AIX | 14.2 | | 9.4 TS1M4 | |
64-bit Enabled Solaris | 14.2 | | 9.4 TS1M4 | |
HP-UX IPF | 14.2 | | 9.4 TS1M4 | |
Linux for x64 | 14.2 | | 9.4 TS1M4 | |
Solaris for x64 | 14.2 | | 9.4 TS1M4 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | medium |
Date Modified: | 2018-04-06 11:35:51 |
Date Created: | 2018-03-23 14:48:45 |