Severity: High

Description: A security vulnerability in the sas-tkcore package exists in SAS Viya 3.1 and SAS Viya 3.2.

Potential Impact: An attacker with knowledge of this vulnerability and network access to the SAS Viya servers can access restricted data.

Update Your Software to Fix This Issue

Important:  All production sites should apply the update for this problem.

The correction for the issue is to update your version of SAS Viya. A link to the instructions on how to access and apply the software update is available on the Hot Fix tab. Click the Hot Fix tab and update your software using the instructions.

Now Verify That the Update Has Been Installed

It is important that you now verify that the fix is installed. To do so, run the following rpm command:

To complete this process, make sure that the package version shown in the rpm output matches or is newer than the following.

Version info for SAS Viya 3.1:

Version info for SAS Viya 3.2:

If You Need Additional Assistance

If needed, contact SAS Technical Support.

Operating System and Release Information

An update for this issue is available for SAS Viya 3.2. For instructions on how to access and apply software updates, see the Software Updates section of the SAS Viya 3.2 Administration document at

An update for this issue is available SAS Viya 3.1. For instructions on how to access and apply software updates, see the Software Updates section of the SAS Viya 3.1 Administration document at