SAS Web Application Server 9.48 Hot Fix Downloads

				Hot Fixes		Customer Support

Go to Host Product List

SAS Web Application Server 9.48

Hot Fix Downloads for Linux for x64

General Information about Hot Fixes

M3P001 was replaced by M3P008

M3P002 was replaced by M3P008

M3P003 was replaced by M3P008

M3P004 was replaced by M3P008

M3P005 was replaced by M3P008

M3P006 was replaced by M3P008

M3P007 was replaced by M3P008

M3P008 for Linux for x64

SAS Web Application Server 9.48

Issue(s) Addressed:

Introduced:

70042

SAS® Web Application Server contains a version of Tomcat that is affected by CVE-2023-24998

M3P001

70568

The SAS® 9.4 JMS Broker includes a version of ActiveMQ that is known to be affected by CVE-2023-46604

M3P002

70698

SAS® Web Application Server contains a version of Tomcat with known vulnerabilities

M3P003

70835

SAS® Web Application Server contains a version of Tomcat with known vulnerabilities

M3P004

70945

SAS® Web Application Server contains Apache Tomcat version 9.0.86, which is affected by CVE-2024-34750

M3P005

70953

SAS® JMS Broker contains a version of ActiveMQ with known vulnerabilities

M3P005

65934

Hot fixes that are available to update Apache HTTP Server (httpd), OpenSSL, and Apache Tomcat versions in SAS® 9.4 and SAS® Viya® 3.5

M3P008

NOTE: If you are running SAS Infrastructure for Risk Management 3.7, you must also install product hot fix M2Q005 for the product to continue functioning properly.

NOTE: If issues are experienced with SAS Studio after application of this hotfix, comment out or remove spring-web*.jar entries from the catalina.properties file on each Web Application Server; servers must be restarted after changes are made. This is a temporary workaround until the problem is resolved by the 2025 Q4 Quarterly Security Update.

Released: August 20, 2025

Documentation: M3P008la.html ^D

Download: M3P008pt.zip

^D indicates that the Documentation has special pre-installation, post-installation or other unique instructions not commonly used for hot fix deployment.

Top ^

PLEASE CAREFULLY READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT ("AGREEMENT") BEFORE DOWNLOADING MATERIALS FROM THIS SITE. BY DOWNLOADING ANY MATERIALS FROM THIS SITE, YOU ARE AGREEING TO THESE TERMS.

You are downloading software code ("Code") which will become part of a product ("Software") you currently have licensed from SAS Institute Inc. or one of its subsidiaries ("the Institute"). this Code is designed to either correct an error in the Software or to add functionality to the Software. The code is governed by the same agreement which governs the Software. If you do not have an existing agreement with the Institute governing the Software, you may not download the Code.

SAS and all other SAS Institute Inc. product or service names are registered trademarks or trademarks of SAS Institute Inc. in the USA and other countries. ^® indicates USA registration. Other brand and product names are registered trademarks or trademarks of their respective companies.