A new update is available for SAS Web Server , version 9.4_M3 :
ALERT: The SAS® Environment Manager agent log might contain a security vulnerability
SAS® Environment Manager contains commons-beanutils libraries that are vulnerable to CVE-2014-0114
Note: A comprehensive list of all SAS hot fixes is available from support.sas.com. You can use the SAS Hot Fix Analysis, Download, and Deployment (SASHFADD) tool to manage your SAS hot fixes.