Problem Note 69033: SAS® Environment Manager contains a version of the Terracotta Quartz Scheduler with known vulnerabilities
 |  |  |  |  |
Severity: Critical
Description: SAS Environment Manager contains Terracotta Quartz Scheduler version 1.7.2, which is affected by the vulnerability that is described in CVE-2019-13990.
Potential Impact: The initDocumentParser class within the Terracotta Quartz Scheduler library might allow XML External Entity (XXE) injection attacks.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.5_M4 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 2.5_M4 | 9.4 TS1M7 | ||||
| 64-bit Enabled Solaris | 2.5_M4 | 9.4 TS1M7 | ||||
| HP-UX IPF | 2.5_M4 | 9.4 TS1M7 | ||||
| Linux for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
| Solaris for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
A fix for this issue for SAS Environment Manager 2.5_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9V.html#69033| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2022-03-28 10:51:04 |
| Date Created: | 2022-03-25 14:48:26 |