Problem Note 70182: The X12 and X13 procedures contain a security vulnerability when BY-group processing is used
 |  |  |  |  |
Severity: High
Description:
If you specify a BY statement and an X11 statement in PROC X12 or PROC X13, the following errors might be produced for one or more BY-groups:
ERROR: Regression matrix singular because of AOXXXXD. Check regression model or change OUTLIER options (i.e. TYPE=AO only.)
If you also specify an OUTPUT statement, output tables might be missing for some BY-groups.
If you specify the MDLINFOOUT= option in PROC X12 or PROC X13 when BY-group processing is used, the procedure might stop processing and issue the following message:
Please contact technical support and provide them with the following traceback information:
The SAS task name is [X13]
ERROR: Write Access Violation X13
Exception occurred at (CFEE8D4A)
Task Traceback
To circumvent these problems, run PROC X12 or PROC X13 separately for each BY-group, as illustrated in SAS Note 66249, "RunBY macro: Add BY processing to macros, procedures, or special code."
Potential Impact: The resulting access violation introduces a potential security risk.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS/ETS | z/OS | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform |
| Microsoft® Windows® for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8 Pro x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8.1 Enterprise 32-bit | 12.3 | 9.4 TS1M0 | ||||
| Microsoft Windows 8.1 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8.1 Pro 32-bit | 12.3 | 9.4 TS1M0 | ||||
| Microsoft Windows 8.1 Pro x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 10 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2008 R2 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2008 for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 Datacenter | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Datacenter | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Std | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 Std | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Windows 7 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Windows 7 Professional x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| 64-bit Enabled AIX | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| 64-bit Enabled Solaris | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| HP-UX IPF | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Linux for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Solaris for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||