SAS Logo

Worldwide Sites

Worldwide Contacts

If you don't find your country/region in the list, see our worldwide contacts list.

Hi !

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Videos
Merchandise
Brand
PartnerNet
  1. Security Bulletins
  2. Apache Tomcat vulnerability CVE-2020-9484

SAS Statement Regarding Apache Tomcat Vulnerability CVE-2020-9484

Reference Name: Apache Tomcat Vulnerability CVE-2020-9484
Severity: Informational
Status: No action by customers is required.

History

  • 06-15-2020 – Assessment completed

Impact

SAS® software is not exposed to the Apache Tomcat vulnerability CVE-2020-9484.

Description

Apache Tomcat has known remote code execution vulnerabilities resulting from a flaw that exploits the Tomcat PersistenceManager and FileStore components.

Solution

The default SAS® Web Application Server configuration of Apache Tomcat does not enable or use PersistenceManager or FileStore. Therefore, the default configuration is not vulnerable to CVE-2020-9484.

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top