Reference Name: Apache Tomcat Vulnerabilities CVE-2020-9484, CVE-2021-25329 and CVE-2022-23181
Severity: Informational
Status: No action by customers is required.
History
- 06-15-2020 – Assessment completed
Impact
SAS® software is not exposed to the Apache Tomcat vulnerabilities CVE-2020-9484, CVE-2021-25329 or CVE-2022-23181.
Description
Apache Tomcat has known remote code execution vulnerabilities resulting from a flaw that exploits the Tomcat PersistenceManager and FileStore components.
Solution
The default SAS® Web Application Server configuration of Apache Tomcat does not enable or use PersistenceManager or FileStore. Therefore, the default configuration is not vulnerable to CVE-2020-9484.