Problem Note 65614: SAS® 9.4 Logon Manager is incorrectly identified as being impacted by CVE-2019-11358
 |  |  |  |  |
Severity: Informational
Description: Automated vulnerability scanners might incorrectly identify the jQuery file that is used by SAS 9.4 Logon Manager as being impacted by CVE-2019-11358. This identification is not true because SAS Logon Manager does not use the vulnerable function that is described in the CVE.
Potential Impact: There is no impact. Installing the hot fix that is associated with this note updates the jQuery file to version 3.4.0 or later.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Infrastructure Platform | Microsoft® Windows® for x64 | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 |
| 64-bit Enabled AIX | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 | ||
| 64-bit Enabled Solaris | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 | ||
| HP-UX IPF | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 | ||
| Linux for x64 | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 | ||
| Solaris for x64 | 9.4_M6 | 9.4_M6 | 9.4 TS1M6 | 9.4 TS1M6 | ||
A fix for this issue for SAS Middle Tier 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D8T.html#65614
Automated vulnerability scans might incorrectly identify SAS Logon Manager as being impacted by CVE-2019-11358.
| Type: | Problem Note |
| Priority: | low |
| Date Modified: | 2020-06-15 07:40:28 |
| Date Created: | 2020-02-26 16:37:49 |