Problem Note 62039: Lack of URL sanitization in SAS® Contextual Analysis
 |  |  |  |  |
Title: Lack of URL sanitization in SAS Contextual Analysis
Severity: Medium
Description: SAS Contextual Analysis URL accepts JavaScript code as a parameter, and executes the JavaScript code on the browser.
Potential Impact: You might unknowingly execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Contextual Analysis | Microsoft® Windows® for x64 | 14.2 | 9.4 TS1M4 | ||
| 64-bit Enabled AIX | 14.2 | 9.4 TS1M4 | ||||
| 64-bit Enabled Solaris | 14.2 | 9.4 TS1M4 | ||||
| HP-UX IPF | 14.2 | 9.4 TS1M4 | ||||
| Linux for x64 | 14.2 | 9.4 TS1M4 | ||||
| Solaris for x64 | 14.2 | 9.4 TS1M4 | ||||
A fix for this issue for SAS Contextual Analysis 14.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C4A.html#62039A fix for this issue for SAS Flex Application Themes 4.7.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B7N.html#62039A fix for this issue for SAS Contextual Analysis 14.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C3X.html#62039A fix for this issue for SAS Flex Application Themes 4.7.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A7Y.html#62039| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2018-04-06 11:35:51 |
| Date Created: | 2018-03-23 14:48:45 |