SAS Logo

Worldwide Sites

Worldwide Contacts

If you don't find your country/region in the list, see our worldwide contacts list.

Hi !


Sign In / Create Profile

Sign In


Log out

Sign Out
Edit Profile

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Videos
Merchandise
Brand
PartnerNet
  1. Security Bulletins
  2. Apache Tomcat vulnerability CVE-2020-9484

SAS Statement Regarding Apache Tomcat Vulnerability CVE-2020-9484

Reference Name: Apache Tomcat Vulnerability CVE-2020-9484
Severity: Informational
Status: No action by customers is required.

History

  • 06-15-2020 – Assessment completed

Impact

SAS® software is not exposed to the Apache Tomcat vulnerability CVE-2020-9484.

Description

Apache Tomcat has known remote code execution vulnerabilities resulting from a flaw that exploits the Tomcat PersistenceManager and FileStore components.

Solution

The default SAS® Web Application Server configuration of Apache Tomcat does not enable or use PersistenceManager or FileStore. Therefore, the default configuration is not vulnerable to CVE-2020-9484.

Security Bulletins Icon

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support Icon

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes Icon

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top