Severity: Medium

Description: The HTML Commons component in SAS 9.4 Web Infrastructure Platform contains a cross-site scripting vulnerability.

Potential Impact: A user might unknowingly execute malicious code.

Click the Hot Fix tab in this note to access the hot fixes currently available for this issue. Hot fixes for additional products are still underway. This message will be updated when all hot fixes are available. Contact SAS Technical Support if you have questions.

Operating System and Release Information

A fix for this issue for SAS Financial Management 5.61 is available at:

A fix for this issue for SAS Federation Server Manager Mid-Tier 4.4 is available at:

A fix for this issue for SAS Visual Analytics 7.51 is available at:

A fix for this issue for SAS Environment Manager Mid-Tier 2.6_M1 is available at:

A fix for this issue for SAS Factory Miner 15.2 is available at:

A fix for this issue for SAS Workflow Administrator 1.5_M1 is available at:

A fix for this issue for SAS Business Rules Manager 3.3_M1 is available at:

A fix for this issue for Model Manager 14.3_M1 is available at:

A fix for this issue for SAS BI Dashboard 4.41_M1 is available at:

A fix for this issue for SAS High-Performance Risk 4.3 is available at:

A fix for this issue for SAS Grid Manager Module for SAS Environment Manager 1.7 is available at:

A fix for this issue for SAS HTML Application Themes 5.2 is available at:

A fix for this issue for SAS Job Flow 9.47 is available at:

A fix for this issue for SAS Middle Tier 9.4_M7 is available at:

A fix for this issue for SAS Marketing Automation 6.6 is available at:

A fix for this issue for SAS Marketing Optimization 6.6 is available at:

A fix for this issue for Field Quality Analytics 6.3 is available at:

A fix for this issue for SAS Forecast Analyst Workbench 5.4 is available at:

A fix for this issue for SAS BI Dashboard 4.41 is available at:

A fix for this issue for SAS Real World Evidence Mid-Tier 4.5 is available at:

A fix for this issue for SAS Episode Analytics Mid-Tier 4.5 is available at:

A fix for this issue for Model Manager 14.3 is available at:

A fix for this issue for SAS Business Rules Manager 3.3 is available at:

A fix for this issue for SAS Workflow Administrator 1.5 is available at:

A fix for this issue for SAS Business Data Network Mid-Tier 3.3 is available at:

A fix for this issue for SAS Lineage Mid-Tier 3.3 is available at:

A fix for this issue for SAS Financial Management 5.6 is available at:

A fix for this issue for SAS Reference Data Manager 3.3 is available at:

A fix for this issue for SAS Data Remediation Mid-Tier 2.4 is available at:

A fix for this issue for SAS Task Manager Mid-Tier 2.4 is available at:

A fix for this issue for SAS Infrastructure for Risk Management 3.6 is available at:

A fix for this issue for SAS Fraud Management 6.1 is available at:

A fix for this issue for SAS Model Implementation Platform 3.2 is available at:

A fix for this issue for SAS Environment Manager Mid-Tier 2.6 is available at:

A fix for this issue for SAS Flex Application Themes 5.1 is available at:

A fix for this issue for SAS Visual Analytics 7.5 is available at:

A fix for this issue for SAS Middle Tier 9.4_M6 is available at:

A fix for this issue for SAS Risk and Finance Workbench 3.2 is available at:

A fix for this issue for SAS Risk Governance Framework 7.4 is available at: