Problem Note 70568: The SAS® 9.4 JMS Broker includes a version of ActiveMQ that is known to be affected by CVE-2023-46604
 |  |  |  |  |
Severity: Critical
Description: The SAS 9.4 JMS Broker includes a version of ActiveMQ that is known to be affected by CVE-2023-46604.
Potential Impact: The vulnerability might allow an attacker to perform Remote Code Execution. Refer to the CVE record for details.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Note: The hot fix for this issue is provided through a SAS® Web Application Server hot fix.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS JMS Broker | Linux for x64 | 9.4 | 9.4 TS1M8 | ||
| 64-bit Enabled AIX | 9.4 | 9.4 TS1M8 | ||||
| Microsoft® Windows® for x64 | 9.4 | 9.4 TS1M8 | ||||
A fix for this issue for SAS Web Application Server 9.48 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M3P.html#70568A fix for this issue for SAS Web Application Server 9.47 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/M3B.html#70568A fix for this issue for SAS Web Application Server 9.46 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/I9U.html#70568A fix for this issue for SAS Web Application Server 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E3V.html#70568| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2024-01-04 11:08:25 |
| Date Created: | 2023-12-12 11:58:41 |