| M92014 |
| SAS Middle Tier 9.4_M1 |
| Issue(s) Addressed: | Introduced: |
| 54187 | Invocation of the SAS® Web Infrastructure Data Server might fail with an error during migration in the SAS® Deployment Wizard |
M92001 |
| 54189 | Representational State Transfer (REST) service URLs are incorrect after you run an update in place |
M92001 |
| 57351 | An "Unmatched braces" error occurs when you are importing a SAS package using the Traditional Chinese SAS® Management Console |
M92001 |
| 60436 | A link-injection vulnerability exists in the SAS® Stored Process web application |
M92001 |
| 57590 | The autocomplete browser function is not disabled in the SAS® 9.4 Logon Manager logon form |
M92001 |
| 60437 | A cross-site scripting vulnerability exists in the Preferences web application for SAS® 9.3 TS1M0 and later |
M92001 |
| 60719 | Out-of-disk-space issues occur when temporary files are not removed from the \\WebAppServer\\SASServer_#\\temp directory |
M92001 |
| 60265 | Arbitrary redirection from SAS® 9.4 Logon Manager results in a phishing vulnerability |
M92001 |
| 55176 | An error occurs when you run the SAS® Deployment and Backup tool and you use IBM WebSEAL for web authentication |
M92001 |
| 53981 | An SQL exception occurs when you create documents with attachments in SAS® Marketing Optimization |
M92003 |
| 54186 | A phishing vulnerability is possible through arbitrary redirection from the SAS® logoff page |
M92003 |
| 54190 | Establishing connections to object-spawner machine definitions in SAS® Management Console might take several minutes |
M92003 |
| 53551 | The SAS® 9.4 Deployment Backup and Recovery tool fails with the error "The processing instruction target matching '[xX] [mM] [lL]' is not allowed" |
M92003 |
| 42868 | User-defined formats that replace missing numeric values with character values are ignored in SAS® Information Map Studio |
M92004 |
| 55058 | ALERT - Dynamic prompts for a SAS® Stored Process might fail to load and return "access denied," "data source not found," or other permissions-related errors |
M92005 |
| 55537 | ALERT - A reflected cross-site scripting vulnerability has been identified in SAS® Logon Manager |
M92005 |
| 55539 | The SAS® 9.4 Web Administration interface contains a cross-site scripting vulnerability. |
M92005 |
| 56451 | The error "The Application is not authorized to use SAS Logon Manager" occurs when you try to log on to SAS® Environment Manager |
M92005 |
| 56560 | SAS® Content Server is vulnerable to an XML external entity exploitation (CVE-2015-1833) |
M92005 |
| 57799 | The WebDAV repository connection attempt fails with HTTP connection-manager errors |
M92007 |
| 58068 | A calculated item that includes the INTNX function fails validation in SAS® Customer Intelligence Studio |
M92007 |
| 48339 | "Error: java.lang.RuntimeException...ORA-01795" message when logging on to SAS® Enterprise Case Management |
M92008 |
| 58143 | SAS® Drug Development 4 - Users in more than 1,000 groups or subgroups might see errors when attempting to log on, administer users, or use a workflow |
M92008 |
| 58773 | Queries in SAS® Workflow Services fail for users that belong to more than 1,000 groups |
M92008 |
| 58774 | SAS® Web Infrastructure Platform Unable to log on as a user with membership in over a 1,000 groups |
M92008 |
| 58776 | A cross-site scripting vulnerability exists in the SAS® web applications |
M92008 |
| 52971 | Results are incorrect when you use the operator EXACTLY MATCHES in the custom details of SAS® Marketing Automation |
M92009 |
| 55325 | Executing more than one communication in SAS® Customer Intelligence might fail with a java.util.ConcurrentModificationException |
M92009 |
| 54914 | An error occurs if you execute the Relationship Loader batch tool when the SAS® Web Server is set to use SSL |
M92010 |
| 58970 | You cannot disable the "Required" flag in the Custom Details Groups in SAS® Customer Intelligence Studio |
M92010 |
| 61010 | Incorrect values are stored for the common data model when it is used in a SAS® Customer Intelligence Studio campaign |
M92010 |
| 54238 | The SAS® 9.4 Web Administration Console displays old user sessions |
M92011 |
| 54804 | A null-pointer exception occurs in the SAS® 9.4 Web Administration Console (TS1M1) when you load user sessions |
M92011 |
| 56550 | SAS® Studio Mid-Tier enterprise edition times out after 12 hours even if a longer time-out interval has been set |
M92011 |
| 62425 | A cross-site scripting vulnerability exists in the SAS® BI Dashboard Adobe Flash component |
M92012 |
| 61880 | The SAS® 9.4 Logon Manager time-out page is vulnerable to injection of HTML code |
M92014 |
| 63338 | Applications that use the comments service contain a security vulnerability with the use of comments |
M92014 |
| 63459 | SAS® 9.4 Logon Manager contains a version of JQuery that has reached end-of-life status |
M92014 |
|
| D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment. |
General Information about Hot Fixes