A new update is available for SAS Web Server , version 9.4_M3 :
ALERT: The SAS® Environment Manager agent log might contain a security vulnerability
A cross-site scripting vulnerability exists in SAS® Environment Manager
ALERT: The JCraft and JSch libraries that reside in the SAS® Environment Manager server and agent are vulnerable to directory traversal
Note: A comprehensive list of all SAS hot fixes is available from support.sas.com. You can use the SAS Hot Fix Analysis, Download, and Deployment (SASHFADD) tool to manage your SAS hot fixes.