SAS 9.4 Web Server includes OpenSSL 1.0.1j and earlier (dependent on the maintenance level of your SAS 9.4 software). These versions of OpenSSL contain security vulnerabilities, which are described in OpenSSL security advisories through 9th July 2015 at openssl.org/news/vulnerabilities.html.

Note: SAS 9.4 Web Server is part of the SAS^® 9.4 Integration Technologies middle tier. The web server is included with SAS^® BI Server, SAS^® Enterprise BI Server, SAS^® Visual Analytics, and any SAS^® solution that includes a middle tier.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Web Server 9.42 is available at:

A fix for this issue for SAS Web Server 9.4_M2 is available at:

A fix for this issue for SAS Web Server 9.4_M1 is available at:

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

A fix for this issue for SAS Web Server 9.4 is available at:

A fix for this issue for SAS Environment Manager 2.1 is available at: