topic Re: Apache Shiro CVE-2022-40664 Vulnerability in Administration and Deployment https://communities.sas.com/t5/Administration-and-Deployment/Apache-Shiro-CVE-2022-40664-Vulnerability/m-p/843784#M25489 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/15279">@shoin</a>&nbsp;- I recommend that you <A href="https://www.sas.com/en_us/contact/technical-support.geo.html" target="_self">open a track with SAS Technical Support</A>. This is the preferred method to exchange information about CVE questions until a bulletin is posted (and a bulletin would be posted only if deemed necessary).</P> Fri, 11 Nov 2022 13:43:06 GMT ChrisHemedinger 2022-11-11T13:43:06Z Apache Shiro CVE-2022-40664 Vulnerability https://communities.sas.com/t5/Administration-and-Deployment/Apache-Shiro-CVE-2022-40664-Vulnerability/m-p/843644#M25483 <P>Hello, there's a SAS note on Apache Shiro&nbsp;CVE-2022-40664 vulnerability for SAS Viya&nbsp;<A href="https://support.sas.com/kb/66/541.html" target="_blank">https://support.sas.com/kb/66/541.html</A>&nbsp;addressing&nbsp;<BR />CVE-2020-11989 Detail at <A href="https://nvd.nist.gov/vuln/detail/CVE-2020-11989" target="_blank">https://nvd.nist.gov/vuln/detail/CVE-2020-11989</A>.</P> <P>&nbsp;</P> <P>however, none for the Apache Shiro vulnerability CVE-2022-40664 for either Viya 3.5 or 4.0 and specifically for AS 9.4, is a note planned?</P> <P>&nbsp;</P> <P>-S</P> Thu, 10 Nov 2022 17:40:38 GMT https://communities.sas.com/t5/Administration-and-Deployment/Apache-Shiro-CVE-2022-40664-Vulnerability/m-p/843644#M25483 shoin 2022-11-10T17:40:38Z Re: Apache Shiro CVE-2022-40664 Vulnerability https://communities.sas.com/t5/Administration-and-Deployment/Apache-Shiro-CVE-2022-40664-Vulnerability/m-p/843784#M25489 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/15279">@shoin</a>&nbsp;- I recommend that you <A href="https://www.sas.com/en_us/contact/technical-support.geo.html" target="_self">open a track with SAS Technical Support</A>. This is the preferred method to exchange information about CVE questions until a bulletin is posted (and a bulletin would be posted only if deemed necessary).</P> Fri, 11 Nov 2022 13:43:06 GMT https://communities.sas.com/t5/Administration-and-Deployment/Apache-Shiro-CVE-2022-40664-Vulnerability/m-p/843784#M25489 ChrisHemedinger 2022-11-11T13:43:06Z