A new update is available for SAS Studio , version 3.71 :
Issues addressed in C2L003
| SAS Note 62541 | SAS® Studio contains a cross-site scripting vulnerability |
| SAS Note 62542 | SAS® Studio contains an XML External Entity (XXE) vulnerability |
| SAS Note 62611 | SAS® Studio contains an HTTP response-splitting vulnerability |
| SAS Note 62612 | SAS® Studio might disclose sensitive information through a Java heap inspection |
| SAS Note 62678 | SAS® Studio contains an SQL Injection vulnerability |
| SAS Note 62681 | SAS® Studio contains an arbitrary file-path vulnerability |
| This list of notes might be incomplete. For a complete list of issues addressed by this hot fix, visit the hot fix page for C2L003 |
Note: A comprehensive list of all SAS hot fixes is available from support.sas.com. You can use the SAS Hot Fix Analysis, Download, and Deployment (SASHFADD) tool to manage your SAS hot fixes.
