Severity: High

Description: A security vulnerability in SAS^® Visual Data Mining and Machine Learning exists in SAS^® Viya^® 3.2 and SAS Viya 3.3.

Potential Impact: An attacker with knowledge about this vulnerability and network access to the SAS Viya servers can access restricted data.

Click the Hot Fix tab in this note to access the hot fix for this issue.

After You Install the Hot Fix

It is important that you now verify that the update is installed. To do so, run the following rpm command:

To complete this verification process, make sure that the package version shown in the rpm output either matches or is newer than the following:

Version info for SAS Viya 3.2: sas-crscmptrvsn-01.04.01-20180319.110137157985.x86_64

Version info for SAS Viya 3.3: sas-crscmptrvsn-01.10.01-20180319.112251154156.x86_64

Additional Assistance

If you need additional assistance, contact SAS Technical Support.

Operating System and Release Information

An update for this issue is available for SAS Viya 3.2. For instructions on how to access and apply software updates, see the Software Updates section of the SAS Viya 3.2 Administration document at

An update for this issue is available for SAS Viya 3.3. For instructions on how to access and apply software updates, see the Managing Your Software section of the SAS Viya 3.3 Administration document at