Problem Note 64842: SAS® 9.4 software references Apache Struts libraries that contain known vulnerabilities
 |  |  |  |  |
Severity: Informational
Description: SAS 9.4 software includes Apache Struts libraries at run time, but the software does not use the libraries.
Potential Impact: Although the affected SAS components do not use these libraries at run time, the libraries are loaded by the Java Virtual Machine as transitive dependencies. As a result, the libraries can be flagged as a threat by a security scan.
Click the Hot Fix tab in this note to access the hot fixes for this issue, or use the SAS Hot Fix Analysis, Download and Deployment Tool to identify all applicable hot fixes for your software deployment.
Operating System and Release Information
| Product Family | Product | System | SAS Release | |
| Reported | Fixed* | |||
| SAS System | N/A | Microsoft Windows 8 Pro x64 | 9.4 TS1M6 | 9.4 TS1M7 |
| Microsoft Windows 8 Pro 32-bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8 Enterprise x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8 Enterprise 32-bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft® Windows® for x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| z/OS | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8.1 Enterprise 32-bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8.1 Enterprise x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8.1 Pro 32-bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 8.1 Pro x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows 10 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2012 Datacenter | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2012 R2 Datacenter | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2012 R2 Std | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2012 Std | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2016 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Microsoft Windows Server 2019 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Enterprise 32 bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Enterprise x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Home Premium 32 bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Home Premium x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Professional 32 bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Professional x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Ultimate 32 bit | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Windows 7 Ultimate x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 9.4 TS1M6 | 9.4 TS1M7 | ||
| 64-bit Enabled Solaris | 9.4 TS1M6 | 9.4 TS1M7 | ||
| AIX | 9.4 TS1M6 | 9.4 TS1M7 | ||
| HP-UX | 9.4 TS1M6 | 9.4 TS1M7 | ||
| HP-UX IPF | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Linux for x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Solaris | 9.4 TS1M6 | 9.4 TS1M7 | ||
| Solaris for x64 | 9.4 TS1M6 | 9.4 TS1M7 | ||
A fix for this issue for SAS Credit Scoring 6.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E7H.html#64842A fix for this issue for SAS Studio 3.8 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D8F.html#64842A fix for this issue for Data Integration Studio 4.904 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D8Y.html#64842A fix for this issue for SAS/GRAPH Java Applets for Web Servers 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D9L.html#64842A fix for this issue for SAS Factory Miner 15.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E4B.html#64842A fix for this issue for SAS Grid Manager Plug-ins for SAS Management Console 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E5T.html#64842A fix for this issue for SAS Contextual Analysis 15.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E7A.html#64842A fix for this issue for SAS Micro Analytic Service 2.5_M1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E9C.html#64842A fix for this issue for SAS Workflow Studio 1.3_M5 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F1C.html#64842A fix for this issue for SAS Grid Manager Module for SAS Environment Manager 1.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F1G.html#64842A fix for this issue for SAS Forecast Server 15.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E7Z.html#64842A fix for this issue for SAS Time Series Studio 15.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8A.html#64842A fix for this issue for SAS BI Lineage Plug-in for SAS Management Console 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G2R.html#64842A fix for this issue for SAS Management Console 9.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/D8N.html#64842A fix for this issue for SAS Data Surveyor for SAP 5.41 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G3L.html#64842A fix for this issue for SAS Information Map Studio 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/F2V.html#64842A fix for this issue for SAS OLAP Cube Studio 4.4_M6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G5E.html#64842A fix for this issue for Platform Web Services for SAS 1.6 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/G4H.html#64842A fix for this issue for SAS Studio 3.71 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C2L.html#64842A fix for this issue for SAS Studio 3.7 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C7W.html#64842A fix for this issue for SAS Scalable Performance Data Server 5.4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/C9A.html#64842| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2019-10-02 11:09:45 |
| Date Created: | 2019-09-27 10:56:13 |