The US Cybersecurity and Infrastructure Security Agency (CISA) has announced that malicious code has been inserted into what appears to be SolarWinds updates that were released earlier this year.
The Solarwinds suite of products is one of a number of underlying technologies within the SAS Management platform.
We would like to reassure customers that the SAS platform is not affected by this announcement.
In order to ensure stability and continuity of our platform, our policy has always been to avoid running the latest releases of critical external products.
- CISA has reported that the affected versions of the SolarWinds Orion products are 2019.4 through 2020.2.1 HF1.
- We currently operate 2018.2 HF5, which is not one of the affected versions.
- Customers can verify the current version of SolarWinds in use on our Management Platform by looking at the bottom banner of the SAS NMS page.
We will provide further updates if the situation changes. In the meantime, you can find further information about this alert in the following links: