Problem Note 66805: SAS® Anti-Money Laundering supports a version of Apache Solr with known vulnerabilities
 |  |  |  |
Severity: Critical
Description: Apache Solr 5.5.5, which is supported by SAS Anti-Money Laundering 7.1, contains the vulnerabilities described in the following CVE records:
- CVE-2019-0192
- CVE-2019-0193
- CVE-2019-17558
- CVE-2017-3164
- CVE-2020-13941
- CVE-2018-11802
- CVE-2018-1308
Potential Impact: The impact varies, but it includes remote code execution. See the CVE records for details.
Solution: SAS recommends upgrading to Solr 8.6.2. For installation and usage information, see SAS Note 66795, "Instructions for installing and using Apache Solr 8.6.2 in SAS® Anti-Money Laundering 7.1."
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Anti-Money Laundering | 64-bit Enabled Solaris | 7.1 | |||
| Linux for x64 | 7.1 | |||||
| 64-bit Enabled AIX | 7.1 | |||||
| Microsoft® Windows® for x64 | 7.1 | |||||
| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2020-10-22 13:53:12 |
| Date Created: | 2020-10-19 10:47:41 |