CVE-2021-44228 is a remote code execution vulnerability in Apache Log4j. SAS 9.4 is vulnerable to CVE-2021-44228. VUMC IT applied the necessary Security Update to address the Log4j vulnerability on the server. End users access the SAS server through SAS Enterprise Guide, the PC interface, and through SAS Studio, the web interface. Enterprise Guide is not Java based and is not vulnerable to CVE-2021-44228.
SAS Institute presented a webinar for VUMC customers on SAS Office Analytics this past Sept. 8. The 90-minute discussion included an introduction to SAS Enterprise Guide and SAS Studio. Replay the SAS Webinar Recording at **https://goo.gl/Fr6JnP**. NOTE: The Google URL Shortening Tool was used to shorten the URL provided by SAS.