70164 - SAS® Lineage 3.3 contains a version of jackson-databind with known vulnerabilities

SUPPORT / SAMPLES & SAS NOTES

Problem Note 70164: SAS® Lineage 3.3 contains a version of jackson-databind with known vulnerabilities

Severity: Critical

Description: SAS^® Lineage 3.3 contains a third-party Java library, jackson-databind 2.9.10, with the following known vulnerabilities:

Potential Impact: The potential impact varies. See the CVE records above for details.

Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
Product Family	Product	System	Reported	Fixed*	Reported	Fixed*
SAS System	SAS Lineage	Microsoft® Windows® for x64	3.3	3.4	9.4 TS1M6	9.4 TS1M8
		64-bit Enabled AIX	3.3	3.4	9.4 TS1M6	9.4 TS1M8
		64-bit Enabled Solaris	3.3	3.4	9.4 TS1M6	9.4 TS1M8
		HP-UX IPF	3.3	3.4	9.4 TS1M6	9.4 TS1M8
		Linux for x64	3.3	3.4	9.4 TS1M6	9.4 TS1M8
		Solaris for x64	3.3	3.4	9.4 TS1M6	9.4 TS1M8

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	alert

Date Modified:	2023-06-16 09:26:06
Date Created:	2023-06-15 00:41:53