Severity: Critical

Description: Before the 2022 Q4 release of the updated ODBC drivers for DataFlux^® Data Management Studio and DataFlux^® Data Management Server that are available in SAS Note 66084, DataFlux Salesforce ODBC driver versions (earlier than build 8.00.270) use a version of the HyperSQL database that is affected by the vulnerability described in ​​​CVE-2022-41853.

Potential Impact: Impacts vary and include the potential for remote code execution by an attacker. Refer to the CVE record listed in the previous section for details.

Click the Hot Fix tab of SAS Note 66084 to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	SAS Release
			Reported	Fixed*
Dataflux	DataFlux Data Management Server	Windows Vista
		Windows Millennium Edition (Me)
		Windows 7 Ultimate x64
		Windows 7 Ultimate 32 bit
		Windows 7 Professional x64
		Windows 7 Professional 32 bit
		Windows 7 Home Premium x64
		Windows 7 Home Premium 32 bit
		Windows 7 Enterprise x64
		Windows 7 Enterprise 32 bit
		Microsoft Windows XP Professional
		Microsoft Windows Server 2022
		Microsoft Windows Server 2019
		Microsoft Windows Server 2016
		Microsoft Windows Server 2012 Std
		Microsoft Windows Server 2012 R2 Std
		Microsoft Windows Server 2012 R2 Datacenter
		Microsoft Windows Server 2012 Datacenter
		Microsoft Windows Server 2008 for x64
		Microsoft Windows Server 2008 R2
		Microsoft Windows Server 2008
		Microsoft Windows Server 2003 for x64
		Microsoft Windows Server 2003 Standard Edition
		Microsoft Windows Server 2003 Enterprise Edition
		Microsoft Windows Server 2003 Datacenter Edition
		Microsoft Windows NT Workstation
		Microsoft Windows 2000 Professional
		Microsoft Windows 2000 Server
		Microsoft Windows 2000 Datacenter Server
		Microsoft Windows 2000 Advanced Server
		Microsoft Windows 95/98
		Microsoft Windows 11
		Microsoft Windows 10
		Microsoft Windows 8.1 Pro x64
		Microsoft Windows 8.1 Pro 32-bit
		Microsoft Windows 8.1 Enterprise x64
		Microsoft Windows 8.1 Enterprise 32-bit
		Microsoft Windows 8 Pro x64
		Microsoft Windows 8 Pro 32-bit
		Microsoft Windows 8 Enterprise x64
		Microsoft Windows 8 Enterprise 32-bit
		Microsoft® Windows® for x64
		Windows Vista for x64
		64-bit Enabled AIX
		64-bit Enabled HP-UX
		64-bit Enabled Solaris
		HP-UX IPF
		Linux
		Linux for x64
		Solaris for x64
Dataflux	DataFlux Data Management Studio	Windows Vista for x64
		Windows Vista
		Windows Millennium Edition (Me)
		Windows 7 Ultimate x64
		Windows 7 Ultimate 32 bit
		Windows 7 Professional x64
		Windows 7 Professional 32 bit
		Windows 7 Home Premium x64
		Windows 7 Home Premium 32 bit
		Windows 7 Enterprise x64
		Windows 7 Enterprise 32 bit
		Microsoft Windows XP Professional
		Microsoft Windows Server 2022
		Microsoft Windows Server 2019
		Microsoft Windows Server 2016
		Microsoft Windows Server 2012 Std
		Microsoft Windows Server 2012 R2 Std
		Microsoft Windows Server 2012 R2 Datacenter
		Microsoft Windows Server 2012 Datacenter
		Microsoft Windows Server 2008 for x64
		Microsoft Windows Server 2008 R2
		Microsoft Windows Server 2008
		Microsoft Windows Server 2003 for x64
		Microsoft Windows Server 2003 Standard Edition
		Microsoft Windows Server 2003 Enterprise Edition
		Microsoft Windows Server 2003 Datacenter Edition
		Microsoft Windows NT Workstation
		Microsoft Windows 2000 Professional
		Microsoft Windows 2000 Server
		Microsoft Windows 2000 Datacenter Server
		Microsoft Windows 2000 Advanced Server
		Microsoft Windows 95/98
		Microsoft Windows 11
		Microsoft Windows 10
		Microsoft Windows 8.1 Pro x64
		Microsoft Windows 8.1 Pro 32-bit
		Microsoft Windows 8.1 Enterprise x64
		Microsoft Windows 8.1 Enterprise 32-bit
		Microsoft Windows 8 Pro x64
		Microsoft Windows 8 Pro 32-bit
		Microsoft Windows 8 Enterprise x64
		Microsoft Windows 8 Enterprise 32-bit
		Microsoft® Windows® for x64

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

---

Builds earlier than the DataFlux Salesforce ODBC driver build 8.00.217 use a version of the HyperSQL database that is vulnerable to the remote code execution vulnerability that is described in CVE-2022-41853.

Type:	Problem Note
Priority:	high

Date Modified:	2022-12-20 15:24:58
Date Created:	2022-12-16 13:45:07