62232 - SAS® Anti-Money Laundering contains a cross-site scripting vulnerability

Support

Submit a Problem
Update a Problem
Check Problem Status
SAS Administrators
Security Bulletins
License Assistance
Manage My Software Account
Downloads & Hot Fixes
Samples & SAS Notes

Problem Note 62232: SAS® Anti-Money Laundering contains a cross-site scripting vulnerability

Details

Hotfix

About

Rate It

Severity: Medium

Description: URL parameters are not validated, which allows a reflected cross-site scripting (XSS) vulnerability to exist.

Potential Impact: HTML or JavaScript code could be injected into a web page.

Click the Hot Fix tab in this note to access the hot fix for this issue.

This security vulnerability is fixed in Hot Fix 4 (A5T005).

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Anti-Money Laundering	Microsoft® Windows® for x64	7.1
		64-bit Enabled AIX	7.1
		64-bit Enabled Solaris	7.1
		Linux for x64	7.1

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

A fix for this issue for SAS Compliance Solutions 7.1 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/A5T.html#62232

Type:	Problem Note
Priority:	alert

Date Modified:	2019-04-10 07:30:22
Date Created:	2018-04-27 18:01:19