https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/894124#M180 <P>Thanks <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/39167">@rich_sas</a>&nbsp;! Confirmed as described:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aks_version.jpg" style="width: 999px;"><img src="https://communities.sas.com/t5/image/serverpage/image-id/87920iA7AAEDB2CA5A06DD/image-size/large?v=v2&amp;px=999" role="button" title="aks_version.jpg" alt="aks_version.jpg" /></span></P> Wed, 13 Sep 2023 17:26:02 GMT balbarka 2023-09-13T17:26:02Z https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/893906#M178 <P>Where would we find out if a cloud provider vulnerability is mitigated in SAS Viya Azure Pay-As-You-Go?</P><P>&nbsp;</P><P>Specific to my scenario, I am running&nbsp;V.04.00M0P011723 and the vulnerability of concern is&nbsp;<A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332" target="_blank" rel="noopener noreferrer">CVE-2023-29332</A>,&nbsp;Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability.</P><P>&nbsp;</P><P>I assume that the SAS Viya Azure Pay-As-You-Go managed version will not make this update automatically after restart. So would it be necessary to create a new managed deployment from azure market place once I confirm a newer release has this vulnerability mitigated?</P> Tue, 12 Sep 2023 20:05:06 GMT https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/893906#M178 balbarka 2023-09-12T20:05:06Z https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/893924#M179 <P>Hi&nbsp;<a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/441772">@balbarka</a>&nbsp;-</P> <P>&nbsp;</P> <P>Based on your installed version of SAS Viya, I believe you are running on AKS major version 1.24, which is not vulnerable to CVE-2023-29332:</P> <P>&nbsp;</P> <UL> <LI><A href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332" target="_blank">https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332</A></LI> <LI><A href="https://cve.report/CVE-2023-29332" target="_blank">https://cve.report/CVE-2023-29332</A></LI> </UL> <P>You can confirm you AKS version in the Azure portal by navigating to your managed application and clicking on the "Parameters and Outputs" pane. At the bottom, you should see a value called kubernetesVersion in the outputs that shows the AKS version that was deployed.</P> <P>&nbsp;</P> <P>Please let me know if you have any further questions or concerns.</P> <P>&nbsp;</P> <P>Best regards,</P> <P>&nbsp;</P> <P>Rich</P> Tue, 12 Sep 2023 20:31:11 GMT https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/893924#M179 rich_sas 2023-09-12T20:31:11Z https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/894124#M180 <P>Thanks <a href="https://communities.sas.com/t5/user/viewprofilepage/user-id/39167">@rich_sas</a>&nbsp;! Confirmed as described:<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="aks_version.jpg" style="width: 999px;"><img src="https://communities.sas.com/t5/image/serverpage/image-id/87920iA7AAEDB2CA5A06DD/image-size/large?v=v2&amp;px=999" role="button" title="aks_version.jpg" alt="aks_version.jpg" /></span></P> Wed, 13 Sep 2023 17:26:02 GMT https://communities.sas.com/t5/SAS-Viya-Pay-As-You-Go/SAS-Viya-Azure-Pay-As-You-Go-Vulnerability-Mitigation-CVE-2023/m-p/894124#M180 balbarka 2023-09-13T17:26:02Z