Problem Note 67000: The HTML Commons component in SAS® 9.4 Web Infrastructure Platform is affected by the JQuery vulnerability that is described in CVE-2020-11022
 |  |  |  |  |
Severity: Medium
Description: The HTML Commons component in SAS 9.4 Web Infrastructure Platform includes a version of JQuery that is affected by the vulnerability described in CVE-2020-11022.
Potential Impact: A user's web browser might execute untrustworthy code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Note: The Hot Fix for this issue does not upgrade the overall version of JQuery that is used—it remains at 2.2.3. Rather, the hot fix implements the code patch that was incorporated in newer versions of JQuery within the current SAS library. As a result, automated security scanners might still flag the SAS library for this vulnerability even though the patch has been applied.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Infrastructure Platform | Microsoft® Windows® for x64 | 9.4_M6 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.4_M6 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 9.4_M6 | 9.4 TS1M6 | ||||
| HP-UX IPF | 9.4_M6 | 9.4 TS1M6 | ||||
| Linux for x64 | 9.4_M6 | 9.4 TS1M6 | ||||
| Solaris for x64 | 9.4_M6 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Factory Miner 15.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J4Z.html#67000A fix for this issue for SAS Business Rules Manager 3.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I7S.html#67000A fix for this issue for SAS Workflow Administrator 1.5_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J3J.html#67000A fix for this issue for Model Manager 14.3_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J6P.html#67000A fix for this issue for SAS High-Performance Risk 4.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9D.html#67000A fix for this issue for SAS Grid Manager Module for SAS Environment Manager 1.7 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/K1N.html#67000A fix for this issue for SAS Code Debugger 4.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J8Z.html#67000A fix for this issue for SAS Environment Manager Mid-Tier 2.6_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J8Q.html#67000A fix for this issue for SAS Visual Analytics 7.51 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I9T.html#67000A fix for this issue for SAS HTML Application Themes 5.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I7T.html#67000A fix for this issue for SAS Marketing Automation 6.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/H8P.html#67000A fix for this issue for SAS Marketing Optimization 6.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/H8Q.html#67000A fix for this issue for Field Quality Analytics 6.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J2F.html#67000A fix for this issue for SAS Forecast Analyst Workbench 5.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/H8X.html#67000A fix for this issue for SAS Energy Forecasting Mid-Tier 4.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J5W.html#67000A fix for this issue for SAS Federation Server Manager Mid-Tier 4.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/H9U.html#67000A fix for this issue for SAS Business Rules Manager 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F5B.html#67000A fix for this issue for SAS Workflow Administrator 1.5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J4T.html#67000A fix for this issue for Model Manager 14.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G3Z.html#67000A fix for this issue for SAS High-Performance Risk 4.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G2F.html#67000A fix for this issue for SAS Lineage Mid-Tier 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F8V.html#67000A fix for this issue for SAS Infrastructure for Risk Management 3.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G2T.html#67000A fix for this issue for SAS Task Manager Mid-Tier 2.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J1P.html#67000A fix for this issue for SAS Data Remediation Mid-Tier 2.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J7E.html#67000A fix for this issue for SAS Business Data Network Mid-Tier 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F9W.html#67000A fix for this issue for SAS Reference Data Manager 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G3I.html#67000A fix for this issue for SAS Code Debugger 4.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9N.html#67000A fix for this issue for SAS Model Implementation Platform 3.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F6U.html#67000A fix for this issue for SAS Visual Analytics 7.5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F9L.html#67000A fix for this issue for SAS Flex Application Themes 5.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G4B.html#67000A fix for this issue for SAS Environment Manager Mid-Tier 2.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G5X.html#67000| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2023-06-09 11:31:24 |
| Date Created: | 2020-11-25 13:36:30 |