cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
aalborz-ema
Calcite | Level 5 aalborz-ema
Calcite | Level 5

Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604

Posted 03-15-2024 02:21 PM (3211 views)

A recent vulnerability scan has identified the version of ActiveMQ currently running on our SAS 9.4 server to be vulnerable.

I found a relevant article (Updates available for SAS Environment Manager 2.5_M4 : Hot fix J9V014 - SAS Support Communities) in the community forum, but my questions are:

Will updating the SAS Environment Manager remediate the ActiveMQ vulnerability?

How do I run/access SAS Environment Manager? I'm not seeing it under SAS in Start menu.

0 Likes
Reply
3 REPLIES 3
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604

Posted 03-15-2024 03:25 PM (3174 views)  |   In reply to aalborz-ema
Here's the SAS statement on the vulnerability along with remediation steps:
https://support.sas.com/en/security-bulletins/apache-activemq-vulnerability.html
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply
aalborz-ema
Calcite | Level 5 aalborz-ema
Calcite | Level 5

Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604

Posted 03-15-2024 05:40 PM (3156 views)  |   In reply to gwootton

Thanks Greg! I figured out the SAS Deployment Manager HotFix install for the ActiveMQ client.

However, even after stopping all the SAS services, when I run the hotfix thru via DM, it's complaining about open/in use files, including activemq client. How do I get around that?

0 Likes
Reply
gwootton
SAS Super FREQ gwootton
SAS Super FREQ

Re: Update ActiveMQ on SAS 9.4 Server for CVE-2023-46604

Posted 03-18-2024 09:01 AM (3064 views)  |   In reply to aalborz-ema
You could restart your host, that should release any open files.
--
Greg Wootton | Principal Systems Technical Support Engineer
0 Likes
Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

Learn how to explore data assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • ‎03-15-2024 02:21 PM
  • 3212 views
  • 0 likes
  • 2 in conversation