Severity: High.
Description: The HashiCorp Vault component used in SAS Viya 3.5 is affected by the following CVE:
Potential Impact: A malicious user might submit a specially-crafted, complex payload that otherwise meets the default request size limit, which results in excessive memory and CPU consumption of Vault. A timeout in the Vault’s auditing subroutine might occur, which might cause the Vault server to become unresponsive.
Note: The Vault version has been updated to 1.20.3. SAS recommends that you update your environment to address this issue. See Updating Your SAS Viya Software for more information.