If you have SAS installed or are using a SAS product as an Add-In (example Microsoft Office), you may need to apply a patch for the Apache Log4j vulnerability.
All SAS Products and Solutions that may be affected are listed here: SAS Security Bulletins for Log4j vulnerability