Problem Note 67848: The SAS® Environment Manager server contains a version of Apache Tomcat that is affected by known vulnerabilities
 |  |  |  |  |
Severity: High
Description: The SAS Environment Manager server contains Apache Tomcat 9.0.31, which is affected by the following vulnerabilities:
- CVE-2020-9484
- CVE-2020-11996
- CVE-2020-13934
- CVE-2020-13935
- CVE-2020-13943
- CVE-2020-17527
- CVE-2021-24122
- CVE-2021-25329
Potential Impact: See the CVE records that are listed above for details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.5_M4 | 9.4 TS1M7 | ||
| 64-bit Enabled AIX | 2.5_M4 | 9.4 TS1M7 | ||||
| 64-bit Enabled Solaris | 2.5_M4 | 9.4 TS1M7 | ||||
| HP-UX IPF | 2.5_M4 | 9.4 TS1M7 | ||||
| Linux for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
| Solaris for x64 | 2.5_M4 | 9.4 TS1M7 | ||||
A fix for this issue for SAS Environment Manager 2.5_M4 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J9V.html#67848| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2021-06-07 16:29:20 |
| Date Created: | 2021-05-03 11:24:17 |