Problem Note 68453: SAS® Risk and Finance Workbench contains a user security vulnerability
 |  |  |  |  |
Severity: Low
Description: In SAS Risk and Finance Workbench, a non-admin user who cannot view the Configuration menu in the SAS Risk and Finance Workbench user interface is able to create a new Dimension category through the REST API.
Potential Impact: Non-admin users might create a Dimension category in SAS Risk and Finance Workbench.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Risk and Finance Workbench | Linux for x64 | 3.1 | 9.4 TS1M5 | ||
| Microsoft® Windows® for x64 | 3.1 | 9.4 TS1M5 | ||||
A fix for this issue for SAS Risk and Finance Workbench 3.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D4L.html#68453A fix for this issue for SAS Risk and Finance Workbench 3.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C5N.html#68453
The REST API that creates the Dimension category should be available only to admin users.
| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2021-10-08 12:51:38 |
| Date Created: | 2021-09-30 08:43:10 |