70297 - SAS/ACCESS® Interface to Snowflake allows the bypassing of LOCKDOWN restrictions

SUPPORT / SAMPLES & SAS NOTES

Support

Submit a Problem
Update a Problem
Check Problem Status
SAS Administrators
Security Bulletins
License Assistance
Manage My Software Account
Downloads & Hot Fixes
Samples & SAS Notes

Problem Note 70297: SAS/ACCESS® Interface to Snowflake allows the bypassing of LOCKDOWN restrictions

Severity: Critical

Description: SAS/ACCESS Interface to Snowflake gives the ability to access files and bypass LOCKDOWN restrictions to a user via the SQL procedure.

Potential Impact: An attacker can upload or download files.

Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.

After applying the hot fix, an error similar to the following will occur when there is an attempt to upload or download a file:

ERROR: CLI execute error: GET/PUT statements not allowed.

Operating System and Release Information

Product Family	Product	System	SAS Release
			Reported	Fixed*
SAS System	SAS/ACCESS Interface to Snowflake	Microsoft® Windows® for x64
		Linux for x64

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	alert

Date Modified:	2023-08-08 09:19:54
Date Created:	2023-08-03 17:52:30

Support

Problem Note 70297: SAS/ACCESS® Interface to Snowflake allows the bypassing of LOCKDOWN restrictions

Operating System and Release Information

Follow Us

What is...