Problem Note 64328: SAS® Web Application Server is affected by the CVE-2019-0232 vulnerability
 |  |  |  |  |
Severity: Informational
Description: The Tomcat version that underlies SAS Web Application Server is vulnerable to the issue that is described in CVE-2019-0232.
Potential Impact: SAS Web Application Server is not affected by this issue, by default, because the affected functionality is not enabled or configured. However, if that functionality is enabled, then the server is vulnerable to remote code execution.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Application Server | Microsoft® Windows® for x64 | 9.45 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.45 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 9.45 | 9.4 TS1M6 | ||||
| HP-UX IPF | 9.45 | 9.4 TS1M6 | ||||
| Linux for x64 | 9.45 | 9.4 TS1M6 | ||||
| Solaris for x64 | 9.45 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Web Application Server 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3V.html#64328| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-07-26 08:15:48 |
| Date Created: | 2019-06-13 10:52:11 |