Severity: Medium

Description: The HTML Commons component in SAS 9.4 Web Infrastructure Platform includes a version of JQuery that is affected by the vulnerability described in CVE-2020-11022.

Potential Impact: A user's web browser might execute untrustworthy code.

Click the Hot Fix tab in this note to access the hot fix for this issue. 

Note: The Hot Fix for this issue does not upgrade the overall version of JQuery that is used—it remains at 2.2.3. Rather, the hot fix implements the code patch that was incorporated in newer versions of JQuery within the current SAS library. As a result, automated security scanners might still flag the SAS library for this vulnerability even though the patch has been applied.

Operating System and Release Information

A fix for this issue for SAS Factory Miner 15.2 is available at:

A fix for this issue for SAS Business Rules Manager 3.3_M1 is available at:

A fix for this issue for SAS Workflow Administrator 1.5_M1 is available at:

A fix for this issue for Model Manager 14.3_M1 is available at:

A fix for this issue for SAS High-Performance Risk 4.3 is available at:

A fix for this issue for SAS Grid Manager Module for SAS Environment Manager 1.7 is available at:

A fix for this issue for SAS Code Debugger 4.3 is available at:

A fix for this issue for SAS Environment Manager Mid-Tier 2.6_M1 is available at:

A fix for this issue for SAS Visual Analytics 7.51 is available at:

A fix for this issue for SAS HTML Application Themes 5.2 is available at:

A fix for this issue for SAS Marketing Automation 6.6 is available at:

A fix for this issue for SAS Marketing Optimization 6.6 is available at:

A fix for this issue for Field Quality Analytics 6.3 is available at:

A fix for this issue for SAS Forecast Analyst Workbench 5.4 is available at:

A fix for this issue for SAS Energy Forecasting Mid-Tier 4.3 is available at:

A fix for this issue for SAS Federation Server Manager Mid-Tier 4.3 is available at:

A fix for this issue for SAS Business Rules Manager 3.3 is available at:

A fix for this issue for SAS Workflow Administrator 1.5 is available at:

A fix for this issue for Model Manager 14.3 is available at:

A fix for this issue for SAS High-Performance Risk 4.2 is available at:

A fix for this issue for SAS Lineage Mid-Tier 3.3 is available at:

A fix for this issue for SAS Infrastructure for Risk Management 3.6 is available at:

A fix for this issue for SAS Task Manager Mid-Tier 2.4 is available at:

A fix for this issue for SAS Data Remediation Mid-Tier 2.4 is available at:

A fix for this issue for SAS Business Data Network Mid-Tier 3.3 is available at:

A fix for this issue for SAS Reference Data Manager 3.3 is available at:

A fix for this issue for SAS Code Debugger 4.2 is available at:

A fix for this issue for SAS Model Implementation Platform 3.2 is available at:

A fix for this issue for SAS Visual Analytics 7.5 is available at:

A fix for this issue for SAS Flex Application Themes 5.1 is available at:

A fix for this issue for SAS Environment Manager Mid-Tier 2.6 is available at: