cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
☑ This topic is solved. Need further help from the community? Please sign in and ask a new question.
shoin
Lapis Lazuli | Level 10 shoin
Lapis Lazuli | Level 10
Go to Solution

Apache Shiro CVE-2022-40664 Vulnerability

Posted 11-10-2022 12:40 PM (743 views)

Hello, there's a SAS note on Apache Shiro CVE-2022-40664 vulnerability for SAS Viya https://support.sas.com/kb/66/541.html addressing 
CVE-2020-11989 Detail at https://nvd.nist.gov/vuln/detail/CVE-2020-11989.

 

however, none for the Apache Shiro vulnerability CVE-2022-40664 for either Viya 3.5 or 4.0 and specifically for AS 9.4, is a note planned?

 

-S

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
ChrisHemedinger
Community Manager ChrisHemedinger
Community Manager

Re: Apache Shiro CVE-2022-40664 Vulnerability

Posted 11-11-2022 08:43 AM (669 views)  |   In reply to shoin

Hi @shoin - I recommend that you open a track with SAS Technical Support. This is the preferred method to exchange information about CVE questions until a bulletin is posted (and a bulletin would be posted only if deemed necessary).

SAS Innovate 2025: Call for Content! Submit your proposals before Sept 16. Accepted presenters get amazing perks to attend the conference!

View solution in original post

0 Likes
Reply
1 REPLY 1
ChrisHemedinger
Community Manager ChrisHemedinger
Community Manager

Re: Apache Shiro CVE-2022-40664 Vulnerability

Posted 11-11-2022 08:43 AM (670 views)  |   In reply to shoin

Hi @shoin - I recommend that you open a track with SAS Technical Support. This is the preferred method to exchange information about CVE questions until a bulletin is posted (and a bulletin would be posted only if deemed necessary).

SAS Innovate 2025: Call for Content! Submit your proposals before Sept 16. Accepted presenters get amazing perks to attend the conference!
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • ‎11-10-2022 12:40 PM
  • 744 views
  • 0 likes
  • 2 in conversation