Problem Note 62182: Platform Web Services for SAS® contains FasterXML jackson-databind files with known vulnerabilities
 |  |  |  |  |
Severity: Critical
Description: The web application might allow for unauthenticated remote code execution.
Potential Impact: An unauthenticated user could execute malicious code remotely.
Click the Downloads tab in this note to access a patch for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | Platform Web Services for SAS | Microsoft® Windows® for x64 | 1.5 | 9.4 TS1M5 | ||
| 64-bit Enabled AIX | 1.5 | 9.4 TS1M5 | ||||
| 64-bit Enabled Solaris | 1.5 | 9.4 TS1M5 | ||||
| HP-UX IPF | 1.5 | 9.4 TS1M5 | ||||
| Linux for x64 | 1.5 | 9.4 TS1M5 | ||||
| Solaris for x64 | 1.5 | 9.4 TS1M5 | ||||
If you are running Platform Web Services 9.1.3.2, download the patch from the following page: http://ftp.sas.com/techsup/download/hotfix/platformpatch.html#C8H001
| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-06-15 16:37:46 |
| Date Created: | 2018-04-23 12:40:08 |