BookmarkSubscribeRSS Feed
aalborz-ema
Calcite | Level 5

A recent vulnerability scan has identified the version of ActiveMQ currently running on our SAS 9.4 server to be vulnerable.

I found a relevant article (Updates available for SAS Environment Manager 2.5_M4 : Hot fix J9V014 - SAS Support Communities) in the community forum, but my questions are:

Will updating the SAS Environment Manager remediate the ActiveMQ vulnerability?

How do I run/access SAS Environment Manager? I'm not seeing it under SAS in Start menu.

3 REPLIES 3
gwootton
SAS Super FREQ
Here's the SAS statement on the vulnerability along with remediation steps:
https://support.sas.com/en/security-bulletins/apache-activemq-vulnerability.html
--
Greg Wootton | Principal Systems Technical Support Engineer
aalborz-ema
Calcite | Level 5

Thanks Greg! I figured out the SAS Deployment Manager HotFix install for the ActiveMQ client.

However, even after stopping all the SAS services, when I run the hotfix thru via DM, it's complaining about open/in use files, including activemq client. How do I get around that?

gwootton
SAS Super FREQ
You could restart your host, that should release any open files.
--
Greg Wootton | Principal Systems Technical Support Engineer

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1119 views
  • 0 likes
  • 2 in conversation