Problem Note 63519: SAS® Web Report Studio contains parameter-sanitization vulnerabilites
 |  |  |  |  |
Severity: High
Description: Improper parameter sanitization might expose SAS Web Report Studio to cross-site scripting vulnerabilities.
Potential Impact: Users can unknowingly execute malicious code that is injected into parameter values.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Report Studio | Solaris for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 |
| Linux for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| HP-UX IPF | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| 64-bit Enabled Solaris | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft® Windows® for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
A fix for this issue for SAS Web Report Viewer 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3F.html#63519A fix for this issue for SAS Web Report Studio 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3E.html#63519| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2020-04-14 08:08:44 |
| Date Created: | 2019-01-21 13:48:51 |