63248 - A security vulnerability currently exists in SAS® Plug-ins for Hadoop

Problem Note 63248: A security vulnerability currently exists in SAS® Plug-ins for Hadoop

Severity: High

Description: A security vulnerability in SAS Plug-ins for Hadoop exists in SAS^® 9.4 and all versions of SAS^® Viya^®.

Potential Impact: An attacker with knowledge about this vulnerability and network access to the Hadoop servers can access restricted data.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

Product Family	Product	System	SAS Release
Product Family	Product	System	Reported	Fixed*
SAS System	SAS Viya	Linux for x64
SAS System	SAS High-Performance Analytics	Linux for x64

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

An update for this issue is available for SAS Viya 3.4. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.4 for Linux Deployment Guide at

http://documentation.sas.com/?softwareId=administration&softwareVersion=3.4&softwareContextId=softwareUpdates

A fix for this issue for SAS Plug-ins for Hadoop 1.02 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/D9U.html#63248

A fix for this issue for SAS Plug-ins for Hadoop 1.01 is available at:

https://tshf.sas.com/techsup/download/hotfix/HF2/D6V.html#63248

Type:	Problem Note
Priority:	alert

Date Modified:	2018-12-18 11:30:50
Date Created:	2018-11-20 15:41:05

Support

Problem Note 63248: A security vulnerability currently exists in SAS® Plug-ins for Hadoop

Operating System and Release Information