Problem Note 63440: SAS® Environment Manager contains an Apache Commons FileUpload library with known vulnerabilities
 |  |  |  |  |
Severity: High
Description: SAS Environment Manager contains a version of an Apache Commons FileUpload library that might enable remote file manipulation and code execution. See CVE-2016-1000031 for details.
Potential Impact: Attackers might be able to write or copy files or to execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Note: This hot fix is only available for SAS® 9.4M5 (TS1M5), and the hot fix should be applied in conjunction with the SAS Security Update for SAS® 9.4M5 (TS1M5), which addresses CVE-2016-1000031 within the SAS Versioned JAR Repository for SAS 9.4M5.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | HP-UX IPF | 9.4 TS1M5 | 9.4 TS1M6 |
| Microsoft® Windows® for x64 | 9.4 TS1M5 | 9.4 TS1M6 | ||
| 64-bit Enabled Solaris | 9.4 TS1M5 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.4 TS1M5 | 9.4 TS1M6 | ||
| Linux for x64 | 9.4 TS1M5 | 9.4 TS1M6 | ||
| Solaris for x64 | 9.4 TS1M5 | 9.4 TS1M6 | ||
A fix for this issue for SAS Environment Manager 2.5_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B7R.html#63440| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-01-10 07:56:17 |
| Date Created: | 2019-01-03 09:20:14 |