A new update is available for SAS Web Server , version 9.4 :
A cross-site scripting vulnerability exists in SAS® Environment Manager
ALERT: The JCraft and JSch libraries that reside in the SAS® Environment Manager server and agent are vulnerable to directory traversal
SAS® Environment Manager contains commons-beanutils libraries that are vulnerable to CVE-2014-0114
Note: A comprehensive list of all SAS hot fixes is available from support.sas.com. You can use the SAS Hot Fix Analysis, Download, and Deployment (SASHFADD) tool to manage your SAS hot fixes.