Problem Note 68014: SAS® Data Explorer deployments are vulnerable to Server Side Request Forgery (SSRF)
Severity: High
Description: Penetration testing has found that SAS Data Explorer deployments are potentially vulnerable to Server Side Request Forgery attacks.
Potential Impact: An attacker might be able to induce SAS Data Explorer to make HTTP requests to an arbitrary domain.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Viya | Linux for x64 | 3.4 | 2021.1 | Viya | Viya |
Microsoft Windows Server 2012 Std | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows Server 2012 R2 Std | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows Server 2012 Datacenter | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows Server 2008 for x64 | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows 10 | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows 8.1 Pro x64 | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows 8.1 Enterprise x64 | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows Server 2012 R2 Datacenter | 3.4 | 3.5 | Viya | Viya |
Microsoft Windows 8 Enterprise x64 | 3.4 | 3.5 | Viya | Viya |
Microsoft® Windows® for x64 | 3.4 | 3.5 | Viya | Viya |
* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.
Type: | Problem Note |
Priority: | alert |
Date Modified: | 2021-08-13 09:33:43 |
Date Created: | 2021-06-04 15:29:06 |