Severity: Medium

Description: SAS 9.4 Web Server includes OpenSSL 1.0.2l and earlier (dependent on the maintenance level of your SAS 9.4 software). OpenSSL 1.0.2l contains vulnerabilities per a March 27, 2018 advisory on the OpenSSL website.

Note: SAS 9.4 Web Server is part of the SAS^® 9.4 Integration Technologies middle tier. The web server is included with SAS^® BI Server, SAS^® Enterprise BI Server, SAS^® Visual Analytics, and any SAS^® solution that includes a middle tier.

Potential Impact: The server might be vulnerable to a Denial of Service attack.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Web Server 9.44 is available at:

A fix for this issue for SAS Web Server 9.43 is available at:

A fix for this issue for SAS Web Server 9.42 is available at:

A fix for this issue for SAS Web Server 9.4_M2 is available at:

A fix for this issue for SAS Web Server 9.4_M1 is available at:

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

A fix for this issue for SAS Web Server 9.4 is available at:

A fix for this issue for SAS Environment Manager 2.1 is available at: