A serious vulnerability in a piece of open source software called Log4j was recently discovered and reported.

Log4j is widely used in many software products to standardise logging processes and includes parts of SAS Software (most notably Java components).

If the vulnerability is exploited, then an attacker could execute code on the machine running those exposed SAS processes.

Being highly responsive, SAS quickly released a tool and associated instructions on how to find and patch this vulnerability called Logucinno.

Loguccino remediates the Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 within the specified scope of support. SAS recommends that you use Loguccino, where supported, instead of completing manual mitigation or remediation tasks.

If you would prefer Knoware to assist you in implementing this patch for Log4j, then please let us know by contacting us directly via email at support@knoware.co.nz.