Problem Note 68891: A Log4j version 1.2 vulnerability (when using JMSAppender) is identified in SAS® Anti-Money Laundering
Severity: High
Description: SAS Anti-Money Laundering contains Log4jv1.2 security vulnerabilities when JMSAppender is configured. For more information, see CVE-2021-4104.
Potential Impact: An attacker might use JMSAppender to perform a Java Naming and Directory Interface (JNDI) request that causes remote code execution.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
SAS System | SAS Anti-Money Laundering | Microsoft® Windows® for x64 | 7.1 | | | |
64-bit Enabled AIX | 7.1 | | | |
64-bit Enabled Solaris | 7.1 | | | |
Linux for x64 | 7.1 | | | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2022-06-24 09:13:44 |
Date Created: | 2022-02-07 15:14:42 |