Reference Name: Remote Code Execution Vulnerability in SAS® Viya®
Severity: Critical
Status: SAS Hot Fixes Are Available
History
- 9-30-2019 – New hot fixes are available for SAS Viya
Impact
An authenticated SAS user might have the ability to execute system commands on the host server. An unauthenticated user cannot exploit this issue.
Description
The SAS Viya authorization service contains a remote code execution vulnerability via user-configurable conditional rules.
Solution
See SAS Note 64766 to access the hot fix for this issue.