SAS 9.4 Web Server includes OpenSSL 1.0.2j and earlier (dependent on the maintenance level of your SAS 9.4 software). OpenSSL 1.0.2j contains vulnerabilities per a January 26, 2017 advisory on the OpenSSL website.

Note: SAS 9.4 Web Server is part of the SAS^® 9.4 Integration Technologies middle tier. The web server is included with SAS^® BI Server, SAS^® Enterprise BI Server, SAS^® Visual Analytics, and any SAS^® solution that includes a middle tier.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for SAS Web Server 9.43 is available at:

A fix for this issue for SAS Web Server 9.42 is available at:

A fix for this issue for SAS Web Server 9.4_M2 is available at:

A fix for this issue for SAS Web Server 9.4_M1 is available at:

A fix for this issue for SAS Environment Manager 2.1_M1 is available at:

A fix for this issue for SAS Web Server 9.4 is available at:

A fix for this issue for SAS Environment Manager 2.1 is available at: