Problem Note 64932: The jackson-databind 2.9.7 libraries that are included with SAS® Web Application Server 9.45 contain known vulnerabilities
 |  |  |  |  |
Severity: Medium
Description: The jackson-databind 2.9.7 libraries that are included with SAS Web Application Server 9.45 contain multiple known vulnerabilities (for example, those that are described in CVE-2019-12384).
Potential Impact: These vulnerabilities can have varied impact, including the potential for remote code execution. See the CVE record for details.
Click the Hot Fix tab in this note to access the hot fix for this issue. This hot fix upgrades the affected libraries to version 2.9.10.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Application Server | Microsoft® Windows® for x64 | 9.45 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.45 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 9.45 | 9.4 TS1M6 | ||||
| HP-UX IPF | 9.45 | 9.4 TS1M6 | ||||
| Linux for x64 | 9.45 | 9.4 TS1M6 | ||||
| Solaris for x64 | 9.45 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Web Application Server 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3V.html#64932| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-11-04 08:32:54 |
| Date Created: | 2019-10-15 08:39:48 |