12
Re: Updates on log4j Remote Code Execution Vulnera...
source link: https://communities.sas.com/t5/Administration-and-Deployment/Updates-on-log4j-Remote-Code-Execution-Vulnerability-CVE-2021/m-p/786226
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
š This topic is locked.
We are no longer accepting replies to this topic. Need further help? Please sign in and ask a new question.
Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Posted 2 weeks ago (10133 views)
Official security bulletin: SAS Statement Regarding Remote Code Execution Vulnerability (CVE-2021-44228)
As SAS Technical Support and R&D experts have news and guidance to share about this vulnerability and its impact on SAS software and services, the teams will update the official security bulletin. To be notified when these updates occur, subscribe to this community topic by clicking the Subscribe button at the top of the message. Note that in order to subscribe you must be signed into the community with your SAS profile.
Alternatively you can follow the update notices (without signing in) via RSS Feed. Select Topic Options -> RSS Feed and add to your preferred RSS feed reader.
12 REPLIES
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-14-2021 (8:00 PM EST) ā Minor corrections within the Security Bulletin page, along with a "next update expected" announcement
- 12-14-2021 (3:00 PM EST) ā Updates within the Security Bulletin page, including information on related vulnerabilities, links to instructions for SASĀ® ViyaĀ® 3.4 and SASĀ® ViyaĀ® 3.5, and evaluations and recommendations for SAS platforms, cloud solutions, and products
Next update expected: 12-15-2021 (by 1:00 PM EST).
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-15-2021 (11:00 PM EST) - Vulnerability scan guidance; additional guidance for SASĀ® 9.4; links to instructions for SASĀ® 9.4 and SASĀ® ViyaĀ® 2020.1 and later; update for IDeaSĀ® products; update on remediation status for SASĀ® Customer Intelligence 360; evaluations and recommendations for SASĀ® Fraud Management and SASĀ® Business Orchestration Services
Next update expected: 12-16-2021 (approximately 1:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-16-2021 (6:00 PM EST) -Ā Assessment of unauthenticated remote code execution (RCE) exploits (not possible), update on MemexĀ® products and SASĀ® Customer Intelligence 360, evaluations and recommendations for SASĀ® ViyaĀ® 2021.xĀ deployments with Open Distro for Elasticsearch, SASĀ® Adaptive Learning and Intelligent Agent System, SASĀ® Anti-Money Laundering, SASĀ® Customer Due Diligence, SASĀ® Identity 360, SASĀ® Real-Time Screening, and SASĀ® Visual InvestigatorĀ Ā
Next update expected: 12-17-2021 (approximately 6:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-17-2021 (10:00 PM EST)Ā -Ā Mitigation and remediation steps for SAS software, including upcoming repository scan-fix tool; instructions for SASĀ® ViyaĀ® 3.3; additional guidance for SASĀ® Cloud Solutions; solution guidance that aligns with dependent SAS products; updated information for SASĀ® Anti-Money Laundering, SASĀ® Customer Due Diligence, and SASĀ® Fraud Management; evaluations and recommendations for SASĀ® Analytics for IoT, SASĀ® Asset Performance Analytics, SASĀ® Energy Forecasting, SASĀ® Event Stream Processing, SASĀ® Field Quality Analytics, SASĀ® Production Quality Analytics, SASPy Python Interface to MVA SAS, SASĀ® Quality Analytic Suite, and SASĀ® Risk Management Solutions on both the 9.4 and SAS Viya platforms
Next update expected: 12-20-2021 (approximately 6:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-20-2021 (6:00PM) ā Reformatting of bulletin page, addition of CVE-2021-45105 to the related vulnerabilities, revised versioning information for the upcoming scan-fix tool, addition of z/OS within the platform-level instructions for SASĀ® 9.4, detailed evaluations and recommendations for SASĀ® Adaptive Learning and Intelligent Agent System (version 10.5.1), SASĀ® Intelligence and Investigation Management, SASĀ® Life Science Analytics Framework, and SASĀ® Visual Investigator (versions 10.5 and 10.5.1)
Next update expected: 12-21-2021 (approximately 6:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-21-2021 (6:00 PM EST) - Clarification of guidance for unauthenticated versus authenticated remote code execution; updated evaluations and recommendations for SASĀ® Platforms and SASĀ® Cloud Solutions; in the SASĀ® 9.4 instructions, added SAS Software depot to the list of directories to search; evaluation of SASĀ® 9.3 and SASĀ® 9.2; detailed evaluations and recommendations for SASĀ® Cost and Profitability Management, SASĀ®Ā Demand Planning, SASĀ®Ā Demand Signal Repository, SASĀ®Ā Financial Management, SASĀ®Ā Financial Planning and Assortment Planning, SASĀ®Ā Forecast Analyst Workbench, SASĀ® Intelligence and Investigation Management (versions 1.2-1.4), SASĀ®Ā Intelligent Planning, SASĀ®Ā Inventory Optimization, SASĀ®Ā Inventory Optimization Workbench, SASĀ®Ā IT Resource Management, SASĀ®Ā IT Resource Management for SAP, SASĀ®Ā Markdown Optimization, SASĀ®Ā Merchandise Allocation, SASĀ®Ā Merchandise Planning, SASĀ®Ā Pack Optimization, SASĀ®Ā Profitability Management, SASĀ®Ā Promotion Optimization, SASĀ®Ā Regular Price Optimization, SASĀ®Ā Size Optimization, SASĀ®Ā Size Profiling,Ā and SASĀ® Visual Investigator (version 10.4)
Next update expected: 12-22-2021 (approximately 6:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-22-2021 (9:00 PM EST) -Ā Automated approach to remediation on SASĀ® 9.4 (Loguccino), removal of JndiLookup class on server vs client machines, detailed evaluations and recommendations for SASĀ® API for ThreatMetrix Offerings, SASĀ® Campaign Management, SASĀ® Clinical Trial Data Transparency, SASĀ® Continuous Monitoring Offerings, SASĀ® Customer Intelligence 360 Discover, SASĀ® Customer Intelligence 360āÆEngage: Digital, SASĀ® Customer Intelligence 360āÆEngage: Direct, SASĀ® Customer Intelligence 360 Engage: Email, SASĀ® Customer Intelligence 360 Engage: Optimize, SASĀ® Customer Intelligence 360 Match, SASĀ® Customer Intelligence 360 Plan, SASĀ® Detection and Investigation Offerings, SASĀ® Financial Crimes Analytics (on SASĀ® ViyaĀ®), SASĀ® Life Science Analytics Framework 5.4, SASĀ® Life Science Analytics Framework APIs and Extensions, SASĀ® Marketing Automation, SASĀ® Marketing Optimization, SASĀ® Orchestration Adapters, and SASĀ® Real-Time Decision ManagerĀ
Next update expected: 12-23-2021 (approximately 6:00 PM EST)
Re: Updates on log4j Remote Code Execution Vulnerability (CVE-2021-44228)
Most recent updates:
- 12-24-2021 (12:00 PM EST) - Automated approach to remediation on SASĀ® ViyaĀ® 3.xĀ (loguccino) with corresponding adjustments in guidance and instructions; plans for updating to Log4j 2.17; detailed evaluations and recommendations for SASĀ® Analytics Accelerator for Teradata, SASĀ® Data Management Studio and Server, SASĀ® Data Quality Accelerators, SASĀ® Grid Manager, SASĀ® In-Database Technologies, SASĀ® Scoring Accelerators, SASĀ® Visual Analytics, and SASĀ® Visual Analytics Apps
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK