Problem Note 68786: SAS® Environment Manager 2.5 contains an Apache HttpClient library affected by CVE-2020-13956
 |  |  |  |  |
Severity: Medium
Description: SAS Environment Manager 2.5 contains Apache HttpClient 4.5.6, which is affected by the vulnerability described in CVE-2020-13956.
Potential Impact: An attacker might be able to cause requests to be sent to an arbitrary target host for execution. Refer to the CVE record in the previous section for details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.5_M4 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 2.5_M4 | 9.4 TS1M7 | ||||
| 64-bit Enabled Solaris | 2.5_M4 | 9.4 TS1M7 | ||||
| HP-UX IPF | 2.5_M4 | 9.4 TS1M7 | ||||
| Linux for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
| Solaris for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
A fix for this issue for SAS Environment Manager 2.5_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9V.html#68786A fix for this issue for SAS Environment Manager Agent 2.5_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9U.html#68786| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2022-03-22 14:35:53 |
| Date Created: | 2022-01-14 13:37:17 |