Problem Note 68891: A Log4j version 1.2 vulnerability (when using JMSAppender) is identified in SAS® Anti-Money Laundering
 |  |  |  |  |
Severity: High
Description: SAS Anti-Money Laundering contains Log4jv1.2 security vulnerabilities when JMSAppender is configured. For more information, see CVE-2021-4104.
Potential Impact: An attacker might use JMSAppender to perform a Java Naming and Directory Interface (JNDI) request that causes remote code execution.
Click the Hot Fix tab in this note for a link to instructions about accessing and applying the software update.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Anti-Money Laundering | Microsoft® Windows® for x64 | 7.1 | |||
| 64-bit Enabled AIX | 7.1 | |||||
| 64-bit Enabled Solaris | 7.1 | |||||
| Linux for x64 | 7.1 | |||||
A fix for this issue for SAS Compliance Solutions 7.1 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/A5T.html#68891| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2022-06-24 09:13:44 |
| Date Created: | 2022-02-07 15:14:42 |