Severity: Critical.
Description: The HashiCorp Vault component used in SAS Viya 3.5 is affected by the following CVEs:
Potential Impact: Both vulnerabilities can lead to a privilege escalation within the Vault application and a remote code execution on the server.
Note: The Vault version has been updated to 1.20.2. SAS recommends that you update your environment to address this issue. See Updating Your SAS Viya Software for more information.