SAS Product Security
Latest bulletins and updates
Security Bulletins
Title | Date${releaseDate|N/A} | Severity | Description | CVE |
---|
Severity | CVSS Range |
---|---|
Informational | 0.0 |
Low | 0.1 - 3.9 |
Medium | 4.0 - 6.9 |
High | 7.0 - 8.9 |
Critical | 9.0 - 10.0 |
Note: Hot fixes for each product component are cumulative and might include functionality fixes in addition to security fixes. For a list of hot fixes that are available for your products, use the the SAS Hot Fix Analysis, Download & Deployment (SASHFADD) tool. See the Hot Fix FAQ for a general overview of hot fixes.
Note: To ensure that SAS customers have the latest security updates for SAS software, SAS recommends that customers install the most current release of the software, including maintenance and security hot fixes.
Java 11, 8, and 7 Updates
SAS continues to use and support private Java 11 Java Runtime Environments (JREs) for SAS 9.4M8 (TS1M8) and later deployments, and Java 8 JREs for SAS 9.4M6 (TS1M6) and SAS 9.4M7 (TS1M7) deployments. SAS has stopped delivering new Java 7 updates due to the decision by Azul, SAS' Java vendor, to end "Commercial Support" of Java 7. SAS will continue to provide the last Java 7 update, which was released by SAS in August 2022.
See SAS Third-Party Software Requirements for details.
See also SAS Note 56203 for the most recent updates to the Java 11, Java 8, and Java 7 JREs and JDKs.
Vulnerability Notes
Title${title_txt_all} | Date${dateCreated_dt||MM-DD-YYYY} | Severity${PSIRTSEV_str|N/A} | Product${product|N/A} |
---|
Product Security Incident Response Team
To keep you informed about any suspected or confirmed security issues, SAS publishes security bulletins and SAS Notes as part of our formal Product Security Incident Response Team (PSIRT) process.
Customers who have SAS support contracts should report a suspected security issue by opening a case with SAS Technical Support. Security researchers or others who do not have a support contract can contact PSIRT directly by sending email to psirt@sas.com.