Problem Note 70297: SAS/ACCESS® Interface to Snowflake allows the bypassing of LOCKDOWN restrictions
 |  |  |  |  |
Severity: Critical
Description: SAS/ACCESS Interface to Snowflake gives the ability to access files and bypass LOCKDOWN restrictions to a user via the SQL procedure.
Potential Impact: An attacker can upload or download files.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
After applying the hot fix, an error similar to the following will occur when there is an attempt to upload or download a file:
ERROR: CLI execute error: GET/PUT statements not allowed.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS/ACCESS Interface to Snowflake | Microsoft® Windows® for x64 | ||
| Linux for x64 | ||||
A fix for this issue for SAS/ACCESS Interface to Snowflake 9.43 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L9B.html#70297| Type: | Problem Note |
| Priority: | alert |
| Date Modified: | 2023-08-08 09:19:54 |
| Date Created: | 2023-08-03 17:52:30 |