Reference Name: Remote Code Execution Vulnerability in SAS® Viya®
Status: SAS Hot Fixes Are Available
- 9-30-2019 – New hot fixes are available for SAS Viya
An authenticated SAS user might have the ability to execute system commands on the host server. An unauthenticated user cannot exploit this issue.
The SAS Viya authorization service contains a remote code execution vulnerability via user-configurable conditional rules.
See SAS Note 64766 to access the hot fix for this issue.