Reference Name: Apache Tomcat "Ghostcat" Vulnerability (CVE-2020-1938)
Status: No action by customers is required
3-3-2020 – Acknowledgement
CVE-2020-1938, also known as "Ghostcat," affects the Apache Tomcat AJP connector. For more information, see CVE-2020-1938.
SAS®9 and SAS Viya products do not enable or use the Tomcat AJP connector. Therefore, these products are not exposed to this vulnerability. No action is required to remediate this issue in SAS products.