topic Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604 in Administration and Deployment https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920706#M28237 You could restart your host, that should release any open files. Mon, 18 Mar 2024 13:01:51 GMT gwootton 2024-03-18T13:01:51Z Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604 https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920490#M28229 <P>A recent vulnerability scan has identified the version of ActiveMQ currently running on our SAS 9.4 server to be vulnerable.</P><P>I found a relevant article (<A href="https://communities.sas.com/t5/SAS-Hot-Fix-Announcements/Updates-available-for-SAS-Environment-Manager-2-5-M4-Hot-fix/ba-p/918947" target="_blank" rel="noopener">Updates available for SAS Environment Manager 2.5_M4 : Hot fix J9V014 - SAS Support Communities</A>) in the community forum, but my questions are:</P><P>Will updating the SAS Environment Manager remediate the ActiveMQ vulnerability?</P><P>How do I run/access SAS Environment Manager? I'm not seeing it under SAS in Start menu.</P> Fri, 15 Mar 2024 19:00:02 GMT https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920490#M28229 aalborz-ema 2024-03-15T19:00:02Z Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604 https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920503#M28230 Here's the SAS statement on the vulnerability along with remediation steps: <BR /><A href="https://support.sas.com/en/security-bulletins/apache-activemq-vulnerability.html" target="_blank">https://support.sas.com/en/security-bulletins/apache-activemq-vulnerability.html</A> Fri, 15 Mar 2024 19:25:37 GMT https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920503#M28230 gwootton 2024-03-15T19:25:37Z Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604 https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920522#M28231 <P>Thanks Greg! I figured out the SAS Deployment Manager HotFix install for the ActiveMQ client.</P><P>However, even after stopping all the SAS services, when I run the hotfix thru via DM, it's complaining about open/in use files, including activemq client. How do I get around that?</P> Fri, 15 Mar 2024 21:40:23 GMT https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920522#M28231 aalborz-ema 2024-03-15T21:40:23Z Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604 https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920706#M28237 You could restart your host, that should release any open files. Mon, 18 Mar 2024 13:01:51 GMT https://communities.sas.com/t5/Administration-and-Deployment/Update-ActiveMQ-on-SAS-9-4-Server-for-CVE-2023-46604/m-p/920706#M28237 gwootton 2024-03-18T13:01:51Z