Problem Note 66597: SAS® Anti-Money Laundering contains a broken access-control vulnerability
Severity: Medium
Description: Users can add comments and attachments to objects (for example, alerted entities with alerts, cases, reports, risk assessments, and CDD reviews) that they do not own or should not have access to.
Potential Impact: Unauthorized users can add comments and attachment to objects.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Anti-Money Laundering | 64-bit Enabled Solaris | 7.1 | 7.1 | 9.4 TS1M6 | 9.4 TS1M6 |
64-bit Enabled AIX | 7.1 | 7.1 | 9.4 TS1M6 | 9.4 TS1M6 |
Microsoft® Windows® for x64 | 7.1 | 7.1 | 9.4 TS1M6 | 9.4 TS1M6 |
Linux for x64 | 7.1 | 7.1 | 9.4 TS1M6 | 9.4 TS1M6 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2021-02-11 16:36:22 |
Date Created: | 2020-09-04 01:30:19 |