Select Your Region

Visit the Cary, NC, US corporate headquarters site

Americas

Europe

Middle East & Africa

Asia Pacific

View our worldwide contacts list for help finding your region

Americas

Europe

Middle East & Africa

Asia Pacific

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Curiosity
Videos
Merchandise
Brand
PartnerNet
  1. Security Bulletins
  2. Apache Tomcat vulnerabilities CVE-2020-9484 and CVE-2021-25329

SAS Statement Regarding Apache Tomcat Vulnerability CVE-2020-9484 and CVE-2021-25329 

Reference Name: Apache Tomcat Vulnerabilities CVE-2020-9484, CVE-2021-25329 and CVE-2022-23181
Severity: Informational
Status: No action by customers is required.

History

  • 06-15-2020 – Assessment completed

Impact

SAS® software is not exposed to the Apache Tomcat vulnerabilities CVE-2020-9484CVE-2021-25329 or CVE-2022-23181.

Description

Apache Tomcat has known remote code execution vulnerabilities resulting from a flaw that exploits the Tomcat PersistenceManager and FileStore components.

Solution

The default SAS® Web Application Server configuration of Apache Tomcat does not enable or use PersistenceManager or FileStore. Therefore, the default configuration is not vulnerable to CVE-2020-9484.

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.