Common Vulnerability and Exposure (CVE) Notes relating to SAS


SAS Statement Regarding CVE-2014-0160 (the Heartbleed Vulnerability)

SAS Statement Regarding CVE-2014-3566 (the POODLE Vulnerability)

SAS Statement Regarding CVE-2014-6271 (the Bash Vulnerability)

SAS Statement Regarding CVE-2015-0204 and CVE-2014-6593

SAS Statement Regarding CVE-2015-0235 (the GHOST Vulnerability)


Problem Note 53609: A vulnerability exists in the Apache Struts 1.3.8 framework that is used by SAS® web applications (CVE-2014-0009)

Problem Note 52725: An OpenSSL Heartbleed vulnerability exists in SAS® 9.4 Web Server - CVE-2014-0160 (the Heartbleed vulnerability)

Problem Note 53245: OpenSSL security vulnerabilities exist in SAS/SECURE™ software - CVE-2014-0224 (SSL/TLS MITM vulnerability)

Problem Note 53341: OpenSSL vulnerabilities exist in the SAS® 9.4 Web Server - CVE-2014-0224 (SSL/TLS MITM vulnerability)

Usage Note 54395: The use of Secure Sockets Layer (SSL) 3.0 with LDAPS for SAS® authentication is susceptible to POODLE vulnerability - CVE-2014-3566 (the POODLE Vulnerability)

Problem Note 54374: Secure Sockets Layer (SSL) capability in SAS® Foundation products is susceptible to the POODLE security vulnerability - CVE-2014-3566 (the POODLE Vulnerability)

Problem Note 56119: SAS® Environment Manager has a known security vulnerability (CVE-2011-2730) 

Problem Note 56560: SAS® Content Server is vulnerable to an XML external entity exploitation (CVE-2015-1833)

Problem Note 57018: Known security issues exist in Apache ActiveMQ


CVE is a dictionary of publicly known information security vulnerabilities and exposures.

CVE is sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Operating as DHS’s Federally Funded Research and Development Center (FFRDC), MITRE has copyrighted the CVE List for the benefit of the community in order to ensure it remains a free and open standard, as well as to legally protect the ongoing use of it and any resulting content by government, vendors, and/or users. In addition, MITRE has trademarked ® the CVE acronym and the CVE logo to protect their sole and ongoing use by the CVE effort within the information security arena.

MITRE maintains CVE and this public Web site, manages the compatibility program, and provides impartial technical guidance to the CVE Editorial Board throughout the process to ensure CVE serves the public interest.
