Severity: Critical

Description: The Apache Commons Collections library, which is used by many SAS^® products, is vulnerable to remote code execution. For information about exposure and fixes, see SAS Statement Regarding the Java Deserialization Vulnerability.

Potential Impact: An attacker might execute malicious code on the server.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Environment Manager Enablement Kit 2.2 is available at:

A fix for this issue for SAS Environment Manager 2.5 is available at:

A fix for this issue for Supplemental Hot Fix for SAS Security Update 9.4_M3 is available at:

A fix for this issue for SAS Environment Manager Agent 2.5 is available at:

A fix for this issue for SAS Environment Manager 2.3 is available at:

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

A fix for this issue for SAS Web Server 9.4_M1 is available at:

A fix for this issue for SAS Environment Manager 2.1 is available at:

A fix for this issue for SAS Environment Manager Agent 2.1 is available at:

A fix for this issue for SAS Web Server 9.4 is available at: