Problem Note 64650: SAS® Environment Manager contains XStream libraries with known vulnerabilities
 |  |  |  |  |
Severity: High
Description: The XStream 1.4.10 and 1.2.2 libraries that are included with SAS Environment Manager have the following known vulnerabilities:
Potential Impact: An attacker might leverage these vulnerabilities to exploit remote code execution, denial of service, or unauthorized file access on the system.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 9.4 TS1M6 | |
| 64-bit Enabled AIX | 9.4 TS1M6 | |||
| 64-bit Enabled Solaris | 9.4 TS1M6 | |||
| HP-UX IPF | 9.4 TS1M6 | |||
| Linux for x64 | 9.4 TS1M6 | |||
| Solaris for x64 | 9.4 TS1M6 | |||
A fix for this issue for SAS Environment Manager 2.5_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8M.html#64650A fix for this issue for SAS Environment Manager Agent 2.5_M3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F9E.html#64650| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-09-10 10:00:40 |
| Date Created: | 2019-08-20 14:35:12 |