Problem Note 68992: SAS® Event Stream Processing contains a Log4J 1.x library with known vulnerabilities
Severity: Informational
Description: SAS Event Stream Processing ships a Log4j 1.x library at /opt/sas/viya/home/SASEventStreamProcessingEngine/6.2/lib/log4j-1.2.17.jar. The following CVEs exist for Log4j 1.x:
Potential Impact: As described in the Log4j v1 security bulletin, SAS Event Stream Processing is not impacted by these vulnerabilities. But, the Log4j v1 library might be flagged by security scanners.
Note: Users of SAS Event Stream Processing 6.1 or earlier should contact SAS Technical Support for additional instructions.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | SAS Event Stream Processing for Edge Computing | Linux for x64 | 6.2 | | Viya | |
Linux for AArch64 | 6.2 | | Viya | |
SAS System | SAS Event Stream Processing Engine | Linux for x64 | 6.2 | | | |
Microsoft® Windows® for x64 | 6.2 | | | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | medium |
Date Modified: | 2022-11-17 11:32:42 |
Date Created: | 2022-03-09 14:28:01 |