Problem Note 56054: Secure Sockets Layer (SSL) 3.0 is enabled for the SAS® Environment Manager agent
The SAS Environment Manager agent listens on port 2144 for plug-in updates from the SAS Environment Manager server. The agent supports Secure Sockets Layer (SSL) 3.0 and, thus, is susceptible to the POODLE vulnerability and other vulnerabilities in SSL 3.0. The POODLE vulnerability is described in the following documents:
You can address this issue in SAS 9.4 TS1M0, TS1M1, and TS1M2 by upgrading to the latest version of the SAS Private Java Runtime Environment (JRE), in which SSL 3.0 is disabled by default. For details about upgrading the SAS Private JRE, see SAS Note 56203, "Downloading the SAS® Private Java Runtime Environment Version 7 update for SAS® 9.3 and SAS® 9.4."
Operating System and Release Information
| SAS System | SAS Environment Manager | Microsoft® Windows® for x64 | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| 64-bit Enabled AIX | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| 64-bit Enabled HP-UX | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| 64-bit Enabled Solaris | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| HP-UX IPF | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| Linux | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| Linux for x64 | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
| Solaris for x64 | 2.1 | 2.5 | 9.4 TS1M0 | 9.4 TS1M3 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
| Type: | Problem Note |
| Priority: | alert |
| Date Modified: | 2015-06-25 14:08:21 |
| Date Created: | 2015-06-24 14:30:53 |
