SUPPORT / SAMPLES & SAS NOTES
Problem Note 68787: SAS® Environment Manager contains an XStream library with known vulnerabilities
 |  |  |  |  |
Severity: High
Description: SAS Environment Manager contains XStream 1.4.11.1, which contains the following known vulnerabilities:
- CVE-2020-26217
- CVE-2020-26258
- CVE-2021-21341
- CVE-2021-21342
- CVE-2021-21343
- CVE-2021-21344
- CVE-2021-21345
- CVE-2021-21346
- CVE-2021-21347
- CVE-2021-21348
- CVE-2021-21349
- CVE-2021-21350
- CVE-2021-21351
- CVE-2021-29505
- CVE-2021-39139
- CVE-2021-39140
- CVE-2021-39141
- CVE-2021-39144
- CVE-2021-39145
- CVE-2021-39146
- CVE-2021-39147
- CVE-2021-39148
- CVE-2021-39149
- CVE-2021-39150
- CVE-2021-39151
- CVE-2021-39152
- CVE-2021-39153
- CVE-2021-39154
Potential Impact: The impact varies. Refer to the CVE records for details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.5_M4 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 2.5_M4 | 9.4 TS1M7 | ||||
| 64-bit Enabled Solaris | 2.5_M4 | 9.4 TS1M7 | ||||
| HP-UX IPF | 2.5_M4 | 9.4 TS1M7 | ||||
| Linux for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
| Solaris for x64 | 2.5_M4 | 9.4 TS1M7 | ||||