Severity: High

Description: The web application does not properly reset a session value after you log on, which makes the application susceptible to session fixation.

Potential Impact: An attacker can gain access to the application through a valid user's authenticated session.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Web Application Server 9.44 is available at:

A fix for this issue for SAS Portal and Portlets 4.4_M5 is available at:

A fix for this issue for SAS Web Application Server 9.43 is available at:

A fix for this issue for SAS Middle Tier 9.4_M3 is available at:

A fix for this issue for SAS Web Application Server 9.42 is available at:

A fix for this issue for SAS Portal and Portlets 4.4_M3 is available at:

A fix for this issue for SAS Middle Tier 9.4_M2 is available at:

A fix for this issue for SAS Web Application Server 9.41 is available at:

A fix for this issue for SAS Portal and Portlets 4.4_M2 is available at:

A fix for this issue for SAS Portal and Portlets 4.4_M4 is available at: