Problem Note 69946: SASĀ® Platform Web Services contains an Apache component that is affected by known vulnerabilities
Severity: Critical
Description: SAS Platform Web Services contains an Apache component that is affected by the following known vulnerabilities:
Potential Impact:
These vulnerabilities might allow an attacker to do the following:
- perform SSRF style attacks on web services that take at least one parameter of any type
- perform remote directory listings or code exfiltration
- extract any local XML files
Refer to the CVE records listed in the previous section for additional details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | Platform Web Services for SAS | 64-bit Enabled AIX | 9.4 TS1M7 | |
Solaris for x64 | 9.4 TS1M7 | |
Linux for x64 | 9.4 TS1M7 | |
HP-UX IPF | 9.4 TS1M7 | |
64-bit Enabled Solaris | 9.4 TS1M7 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2023-03-15 09:50:27 |
Date Created: | 2023-03-14 17:28:21 |