Problem Note 64984: SAS® Web Report Studio contains an information-disclosure vulnerability
 |  |  |  |  |
Severity: Low
Description: The SAS Web Report Studio Director endpoint might display a Java stack trace in the user's web browser as the result of an improperly handled exception.
Potential Impact: Application details are disclosed that might be useful to an attacker.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Report Studio | Microsoft® Windows® for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 |
| 64-bit Enabled AIX | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| 64-bit Enabled Solaris | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| HP-UX IPF | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Linux for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Solaris for x64 | 4.4_M6 | 4.4_M7 | 9.4 TS1M6 | 9.4 TS1M7 | ||
A fix for this issue for SAS Web Report Viewer 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3F.html#64984A fix for this issue for SAS Web Report Studio 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3E.html#64984| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2020-04-14 08:15:05 |
| Date Created: | 2019-10-22 10:13:38 |