Problem Note 63446: SAS® Environment Manager contains an Apache Tomcat security vulnerability
 |  |  |  |  |
Severity: High
Description: A vulnerability in Apache Tomcat affects SAS Environment Manager. Details about the vulnerability are available in CVE-2018-11784.
Potential Impact: Attackers can use a specially crafted URL to cause Apache Tomcat to redirect the user to any URI of the attackers choice. See the CVE details in the link listed above.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 9.4 TS1M0 | |
| 64-bit Enabled AIX | 9.4 TS1M0 | |||
| 64-bit Enabled Solaris | 9.4 TS1M0 | |||
| HP-UX IPF | 9.4 TS1M0 | |||
| Linux for x64 | 9.4 TS1M0 | |||
| Solaris for x64 | 9.4 TS1M0 | |||
A fix for this issue for SAS Environment Manager 2.5_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8M.html#63446A fix for this issue for SAS Environment Manager 2.5_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B7R.html#63446| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-01-10 07:56:52 |
| Date Created: | 2019-01-03 16:16:40 |