Problem Note 69365: SAS® Business Data Network 3.3 allows users to bypass input validation
Severity: Low
Description: The SAS Business Data Network 3.3 allows users to bypass input validation, which is normally performed when creating a new Term type from the Term Types screen.
Potential Impact: A malicious user might inject malicious code in the Term type name to perform an XSS attack.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Business Data Network | Microsoft® Windows® for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
64-bit Enabled AIX | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
64-bit Enabled Solaris | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
HP-UX IPF | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
Linux for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
Solaris for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | low |
Date Modified: | 2022-07-05 09:58:13 |
Date Created: | 2022-07-03 19:57:52 |