Select Your Region

Visit the Cary, NC, US corporate headquarters site

Americas

Europe

Middle East & Africa

Asia Pacific

View our worldwide contacts list for help finding your region

Americas

Europe

Middle East & Africa

Asia Pacific

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Curiosity
Videos

Documentation

Learn
Brand
PartnerNet
Merchandise
  1. Security Bulletins
  2. regreSSHion Vulnerability (CVE-2024-6387)

SAS Statement Regarding the regreSSHion Vulnerability (CVE-2024-6387)

Reference Name: regreSSHion Vulnerability (CVE-2024-6387
Severity: Critical
Status: Evaluation

History

  • 7-10-2024 – Initial statement

Summary

SAS is aware of CVE-2024-6387, has investigated the impact of this vulnerability on SAS® products, and has found that no action is recommended.

Impact 

SAS has evaluated that the SAS® Viya® platform, SAS® 9.4, and SAS® Viya® 3.x do not include the vulnerable software packages and are not affected by CVE-2024-6387.

As always, SAS recommends that you keep your SAS deployments up to date. The current version of the SAS®9 platform is SAS 9.4M8 (TS1M8). Instructions for upgrading are available.

Guidance, Activities, and Plans

At this time, no customer action in response to CVE-2024-6387 is recommended. 

Updates to this Bulletin

If SAS has additional news or guidance for this vulnerability and its impact on SAS software and services, this official security bulletin will be updated. 

The latest SAS Product Security bulletins are available at https://support.sas.com/security-bulletins.html and by RSS feed.

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.