SUPPORT / SAMPLES & SAS NOTES
Problem Note 62955: SAS® Environment Manager contains vulnerable Apache Struts libraries
 |  |  |  |  |
Severity: High
Description: SAS Environment Manager contains Apache Struts libraries that have known vulnerabilities. Details about the vulnerabilities are available in the following CVE documents:
- CVE-2011-5057
- CVE-2012-0391
- CVE-2012-0392
- CVE-2012-0393
- CVE-2012-0394
- CVE-2012-1007
- CVE-2013-1965
- CVE-2013-1966
- CVE-2013-2134
- CVE-2013-2135
- CVE-2014-0094
- CVE-2014-0112
- CVE-2014-0113
- CVE-2014-0114
- CVE-2015-0899
- CVE-2015-5169
- CVE-2016-1181
- CVE-2016-1182
- CVE-2016-4003
Potential Impact: The impact varies. See the CVE details in the links listed above.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 9.4 TS1M0 | 9.4 TS1M6 |
| 64-bit Enabled AIX | 9.4 TS1M0 | 9.4 TS1M6 | ||
| 64-bit Enabled Solaris | 9.4 TS1M0 | 9.4 TS1M6 | ||
| HP-UX IPF | 9.4 TS1M0 | 9.4 TS1M6 | ||
| Linux for x64 | 9.4 TS1M0 | 9.4 TS1M6 | ||
| Solaris for x64 | 9.4 TS1M0 | 9.4 TS1M6 | ||