Select Your Region

Visit the Cary, NC, US corporate headquarters site

Americas

Europe

Middle East & Africa

Asia Pacific

View our worldwide contacts list for help finding your region

Americas

Europe

Middle East & Africa

Asia Pacific

Sign In

Get access to My SAS, trials, communities and more.

Sign Out

Get access to My SAS, trials, communities and more.

SAS Sites

sas.com
Support
Blogs
Communities
Developer
Curiosity
Videos
Merchandise
Brand
PartnerNet

SAS Statement Regarding Remote Code Execution Vulnerability in SAS® Viya®

Reference Name: Remote Code Execution Vulnerability in SAS® Viya®
Severity: Critical
Status: SAS Hot Fixes Are Available

History

  • 9-30-2019 – New hot fixes are available for SAS Viya

Impact

An authenticated SAS user might have the ability to execute system commands on the host server. An unauthenticated user cannot exploit this issue.

Description

The SAS Viya authorization service contains a remote code execution vulnerability via user-configurable conditional rules.

Solution

See SAS Note 64766 to access the hot fix for this issue.

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.