Severity: Medium

Description: The DashboardRuntime.swf component of SAS BI Dashboard contains a cross-site scripting vulnerability.

Potential Impact: An attacker can inject malicious code that, in turn, can be executed unknowingly by a user.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Flex Application Themes 4.7.2 is available at:

A fix for this issue for SAS Middle Tier 9.4_M5 is available at:

A fix for this issue for SAS BI Dashboard 4.4_M5 is available at:

A fix for this issue for SAS Flex Application Themes 4.7.1 is available at:

A fix for this issue for SAS Middle Tier 9.4_M4 is available at:

A fix for this issue for SAS BI Dashboard 4.4_M4 is available at:

A fix for this issue for SAS Middle Tier 9.4_M3 is available at:

A fix for this issue for SAS BI Dashboard 4.4_M3 is available at:

A fix for this issue for SAS Flex Application Themes 4.6 is available at:

A fix for this issue for SAS Middle Tier 9.4_M2 is available at:

A fix for this issue for SAS BI Dashboard 4.4_M2 is available at:

A fix for this issue for SAS Flex Application Themes 4.3 is available at:

A fix for this issue for SAS Middle Tier 9.4_M1 is available at:

A fix for this issue for SAS BI Dashboard 4.4_M1 is available at:

A fix for this issue for SAS Flex Application Themes 4.2 is available at:

A fix for this issue for SAS Middle Tier 9.4 is available at: