Problem Note 62511: SAS® Environment Manager contains a stored cross-site scripting vulnerability
 |  |  |  |  |
Severity: Low
Description: The web application might allow injection of malicious scripts into an input field within the user management area of the application, which is accessible only to administrators and authorized users.
Potential Impact: A user with administrative rights might unknowingly execute malicious code.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 9.4 TS1M0 | 9.4 TS1M6 |
| 64-bit Enabled AIX | 9.4 TS1M0 | 9.4 TS1M6 | ||
| 64-bit Enabled Solaris | 9.4 TS1M0 | 9.4 TS1M6 | ||
| HP-UX IPF | 9.4 TS1M0 | 9.4 TS1M6 | ||
| Linux for x64 | 9.4 TS1M0 | 9.4 TS1M6 | ||
| Solaris for x64 | 9.4 TS1M0 | 9.4 TS1M6 | ||
A fix for this issue for SAS Environment Manager 2.5_M2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/B7R.html#62511A fix for this issue for SAS Environment Manager 2.5_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A8X.html#62511A fix for this issue for SAS Environment Manager 2.5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/V76.html#62511A fix for this issue for SAS Environment Manager 2.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/S45.html#62511A fix for this issue for SAS Web Server 9.4_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/S48.html#62511A fix for this issue for SAS Environment Manager 2.1_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/S44.html#62511A fix for this issue for SAS Web Server 9.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/S46.html#62511A fix for this issue for SAS Environment Manager 2.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/S43.html#62511| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2018-08-29 13:28:53 |
| Date Created: | 2018-06-25 10:55:15 |