SUPPORT / SAMPLES & SAS NOTES
Problem Note 67145: Security updates for SAS® Web Infrastructure Platform Data Server JDBC drivers
 |  |  |  |  |
Severity: Medium
Description: JDBC 42.2.x is used in SAS® 9.4M7 (TS1M7) and SAS® 9.4M8 (TS1M8) as the underlying technology for some SAS clients to access the SAS Web Infrastructure Platform Data Server. This version of JDBC driver has the following known security vulnerabilities:
- Vulnerability Summary for CVE-2022-41946 (SAS 9.4M8 only)
- Vulnerability Summary for CVE-2022-31197
- Vulnerability Summary for CVE-2022-21724
- Vulnerability Summary for CVE-2020-13692
Potential Impact: This security concern can have the following impact:
- improper restriction of the XML external entity reference
- allows the attacker to control the JDBC URL or properties
Click the Hot Fix tab in this note to access the hot fix for this issue.
Applying this hot fix brings the JDBC driver up to level 42.2.27 (SAS 9.4M7) and level 42.6.0 (SAS 9.4M8).
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Infrastructure Platform Data Server | Microsoft® Windows® for x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 |
| Microsoft Windows 8 Enterprise 32-bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8 Enterprise x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8 Pro 32-bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8 Pro x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8.1 Enterprise 32-bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8.1 Enterprise x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8.1 Pro 32-bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 8.1 Pro x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows 10 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2012 Datacenter | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2012 R2 Datacenter | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2012 R2 Std | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2012 Std | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2016 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Microsoft Windows Server 2019 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Enterprise 32 bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Enterprise x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Home Premium 32 bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Home Premium x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Professional 32 bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Professional x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Ultimate 32 bit | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Windows 7 Ultimate x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| 64-bit Enabled AIX | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| 64-bit Enabled Solaris | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| HP-UX IPF | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Linux for x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Solaris for x64 | 9.4_M6 | 9.4_M8 | 9.4 TS1M6 | 9.4 TS1M8 | ||