Problem Note 62987: SAS® BI Web Services contains an XML External Entity (XXE) vulnerability
Severity: Medium
Description: The web application allows document type definitions and external entities from potentially untrustworthy XML.
Potential Impact: An attacker might gain unauthorized access to files on the server.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Web Infrastructure Platform | Microsoft® Windows® for x64 | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
64-bit Enabled AIX | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
64-bit Enabled Solaris | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
HP-UX IPF | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
Linux for x64 | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
Solaris for x64 | 9.4_M3 | 9.4_M6 | 9.4 TS1M3 | 9.4 TS1M6 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2019-01-04 13:09:48 |
Date Created: | 2018-09-26 10:19:04 |