Problem Note 69365: SAS® Business Data Network 3.3 allows users to bypass input validation
 |  |  |  |  |
Severity: Low
Description: The SAS Business Data Network 3.3 allows users to bypass input validation, which is normally performed when creating a new Term type from the Term Types screen.
Potential Impact: A malicious user might inject malicious code in the Term type name to perform an XSS attack.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Business Data Network | Microsoft® Windows® for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
| 64-bit Enabled AIX | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| 64-bit Enabled Solaris | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| HP-UX IPF | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Linux for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Solaris for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
A fix for this issue for SAS Business Data Network Mid-Tier 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F9W.html#69365| Type: | Problem Note |
| Priority: | low |
| Date Modified: | 2022-07-05 09:58:13 |
| Date Created: | 2022-07-03 19:57:52 |