BookmarkSubscribeRSS Feed
jdubinsky
Calcite | Level 5

I'm looking for help in addressing a few security vulnerabilities that appear on port 2144 in our SAS installations (Environment Management Agent).

 

We have two different SAS installations, one running 9.4 M2, and one running 9.4 M3.

 

Does anyone know how to address the following security vulnerabilities? 

 

CVE-2013-2566

CVE-2015-2808

CVE-2015-4000 

 

The Private JRE used by the agent has already been updated to the latest hotfix available, and I'm not quite sure where to go from here. I can find nothing in the knowledge base on these issues.

 

Thanks,

 

Jim

 

1 REPLY 1
SimonDawson
SAS Employee

EDIT - Forgot to say welcome to the communities Jim!

 

If these are not services you must expose to end users then the simplest mitigation would be to just firewall them off from potential attackers.

For specific advice on mitigating those CVE's I'd contact SAS Technical Support. There are too many factors to consider to provide sound and actionable advice in this forum.

When you engage Technical Support let them know about this forum thread. Hopefully you or the engineer assigned to your track can update the thread with what was decided as the best way forward.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 1 reply
  • 1164 views
  • 3 likes
  • 2 in conversation