SAS Statement Regarding Remote Code Execution Vulnerability in SAS® Viya®

Reference Name: Remote Code Execution Vulnerability in SAS® Viya®
Severity: Critical
Status: SAS Hot Fixes Are Available


History

  • 9-30-2019 – New hot fixes are available for SAS Viya

Impact

An authenticated SAS user might have the ability to execute system commands on the host server. An unauthenticated user cannot exploit this issue.

Description

The SAS Viya authorization service contains a remote code execution vulnerability via user-configurable conditional rules.

Solution

See SAS Note 64766 to access the hot fix for this issue.

Security Bulletins Icon

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support Icon

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes Icon

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top