SUPPORT / SAMPLES & SAS NOTES
 

Support

Problem Note 67145: Security updates for SAS® Web Infrastructure Platform Data Server JDBC drivers

DetailsHotfixAboutRate It

Severity: Medium

Description: JDBC 42.2.x is used in SAS® 9.4M7 (TS1M7)  and SAS® 9.4M8 (TS1M8) as the underlying technology for some SAS clients to access the SAS Web Infrastructure Platform Data Server. This version of JDBC driver ​​​​​has the following known security vulnerabilities: 

Potential Impact: This security concern can have the following impact:

  • improper restriction of the XML external entity reference
  • allows the attacker to control the JDBC URL or properties

Click the Hot Fix tab in this note to access the hot fix for this issue.

Applying this hot fix brings the JDBC driver up to level 42.2.27 (SAS 9.4M7) and  level 42.6.0 (SAS 9.4M8).



Operating System and Release Information

Product FamilyProductSystemProduct ReleaseSAS Release
ReportedFixed*ReportedFixed*
SAS SystemSAS Web Infrastructure Platform Data ServerMicrosoft® Windows® for x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8 Enterprise 32-bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8 Enterprise x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8 Pro 32-bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8 Pro x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8.1 Enterprise 32-bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8.1 Enterprise x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8.1 Pro 32-bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 8.1 Pro x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows 109.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 2012 Datacenter9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 2012 R2 Datacenter9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 2012 R2 Std9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 2012 Std9.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 20169.4_M69.4_M89.4 TS1M69.4 TS1M8
Microsoft Windows Server 20199.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Enterprise 32 bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Enterprise x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Home Premium 32 bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Home Premium x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Professional 32 bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Professional x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Ultimate 32 bit9.4_M69.4_M89.4 TS1M69.4 TS1M8
Windows 7 Ultimate x649.4_M69.4_M89.4 TS1M69.4 TS1M8
64-bit Enabled AIX9.4_M69.4_M89.4 TS1M69.4 TS1M8
64-bit Enabled Solaris9.4_M69.4_M89.4 TS1M69.4 TS1M8
HP-UX IPF9.4_M69.4_M89.4 TS1M69.4 TS1M8
Linux for x649.4_M69.4_M89.4 TS1M69.4 TS1M8
Solaris for x649.4_M69.4_M89.4 TS1M69.4 TS1M8
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.