Problem Note 69946: SASĀ® Platform Web Services contains an Apache component that is affected by known vulnerabilities
 |  |  |  |  |
Severity: Critical
Description: SAS Platform Web Services contains an Apache component that is affected by the following known vulnerabilities:
Potential Impact:
These vulnerabilities might allow an attacker to do the following:
- perform SSRF style attacks on web services that take at least one parameter of any type
- perform remote directory listings or code exfiltration
- extract any local XML files
Refer to the CVE records listed in the previous section for additional details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | Platform Web Services for SAS | 64-bit Enabled AIX | 9.4 TS1M7 | |
| Solaris for x64 | 9.4 TS1M7 | |||
| Linux for x64 | 9.4 TS1M7 | |||
| HP-UX IPF | 9.4 TS1M7 | |||
| 64-bit Enabled Solaris | 9.4 TS1M7 | |||
A fix for this issue for Platform Web Services for SAS 1.8 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L9N.html#69946| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2023-03-15 09:50:27 |
| Date Created: | 2023-03-14 17:28:21 |