Problem Note 68574: SAS® Web Application Server 9.46 with Hot Fix I9U001 installed contains a vulnerable version of JUnit
 |  |  |  |
Severity: Medium
Description: SAS Web Application Server 9.46 contains a vulnerable version of JUnit (JUnit 4.10) if you applied Hot Fix I9U001. The JUnit file is saved in the following location: <SASHome>/SASWebApplicationServer/9.4/lib/junit-4.10.jar
This JAR file is not used by the SAS Web Application Server, but it contains a known vulnerability: CVE-2020-15250.
Potential Impact: This is an information disclosure vulnerability. See CVE-2020-15250 for details.
To address this issue, complete these steps:
- Stop the SAS Web Application Server.
- Remove <SASHome>/SASWebApplicationServer/9.4/lib/junit-4.10.jar from the file system.
- Restart the SAS Web Application Server.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Application Server | Solaris for x64 | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 |
| Linux for x64 | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 | ||
| HP-UX IPF | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 | ||
| 64-bit Enabled Solaris | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 | ||
| 64-bit Enabled AIX | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 | ||
| Microsoft® Windows® for x64 | 9.46 | 9.47 | 9.4 TS1M7 | 9.4 TS1M8 | ||
| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2022-02-28 09:12:47 |
| Date Created: | 2021-11-03 21:56:48 |