Hi all, Does IBM have anything to say about this? I assume it's on their security portal.
SAS uses Java and has issued a blog post. Many SAS products use Java and are susceptible to this exposure. Each site should ensure that all SAS users and the Security staff are made aware of this. Please see their post (updated today) here: https://blogs.sas.com/content/sgf/2021/12/13/cve-2021-44228-log4j/. The two statements relating to base SAS are: • For the SAS® 9.4M7 maintenance release, SAS is recommending that the log4j2.formatMsgNoLookups system property be set to true, as documented in the CVE. SAS is working on instructions and will link to them when published. • The SAS® 9.4M6 maintenance release and earlier releases are under active review. Best regards, Cheryl ====================== Cheryl Watson Walker, CEO Watson & Walker, Inc. Sarasota, FL USA www.watsonwalker.com Cell/Text: 941-266-6609 ====================== ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
