67808 - SAS® Life Science Analytics Framework 5.1.x/5.2.x - Security vulnerability identified in jQuery version included in application HTML Commons component

Problem Note 67808: SAS® Life Science Analytics Framework 5.1.x/5.2.x - Security vulnerability identified in jQuery version included in application HTML Commons component

Severity: Medium

Description: Security vulnerabilities were identified in the version of jQuery that is currently included in a version of HTML Commons that is part of SAS Life Science Analytics Framework 5.1.x and 5.2.x. HTML Commons is providing a hot fix for all versions of HTML Commons that are currently in the field or pending release.

For existing SAS Life Science Analytics Framework 5.2.x customers, a fix (5.2.3) is required in order to accommodate the HTML Commons fix. Existing SAS Life Science Analytics Framework 5.1.x customers must make arrangements to upgrade their instances to either 5.2.3 or 5.3.1 in order to pick up the fix.

Potential Impact: For details about the addressed vulnerabilities, see these links:

CVE-2020-11022
CVE-2019-11358

To obtain a fix for this issue, contact SAS Technical Support.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Life Science Analytics Framework	Linux for x64	5.1	5.2.3	9.4 TS1M5	9.4 TS1M6

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	high

Date Modified:	2021-05-12 11:45:07
Date Created:	2021-04-19 16:37:30