Problem Note 69366: Broken access control vulnerability in SAS® Business Data Network 3.3
 |  |  |  |  |
Severity: Medium
Description: There is a broken access control vulnerability in SAS Business Data Network 3.3.
Potential Impact: Low-privileged users are able to access some functions of SAS Business Data Network that should be allowed only for administrative users.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Business Data Network | Microsoft® Windows® for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 |
| 64-bit Enabled AIX | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| 64-bit Enabled Solaris | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| HP-UX IPF | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Linux for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
| Solaris for x64 | 3.3 | 3.4 | 9.4 TS1M6 | 9.4 TS1M8 | ||
A fix for this issue for SAS Business Data Network Mid-Tier 3.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F9W.html#69366
There is a broken access control vulnerability in SAS® Business Data Network 3.3, which allows low-privileged users to access some functions of SAS Business Data Network that should be allowed only for administrative users.
| Type: | Problem Note |
| Priority: | medium |
| Date Modified: | 2022-07-05 10:52:30 |
| Date Created: | 2022-07-03 20:18:10 |