![]() Permanent solution: Use log4j version 2.17 or higher. The Socket and JMS Appenders are not part of the standard product configuration and are not supported features. This article also provides recommendations for product versions still using log4j 1.x, which has received additional scrutiny and is known to be impacted by CVE-2019-17571 and CVE-2021-4104.Īll products and versions mentioned in this article are not affected by the log4j 1.x attack vectors as they do not use neither SocketServer nor JMSAppender. The current article intends to provide recommendations and technical clarifications with regards to the impact of CVE-2021-44228 in B2Bi, Activator, Integrator, Interchange and MappingServices. As conclusions and recommendations are available we will be publishing them in the dedicated Alert on : ![]() A 0-day vulnerability in the popular Java logging library, log4j, was published on GitHub along with a POC that shows the possibility of Remote Code Execution (RCE) if log4j logs an attacker-controlled string value, CVE-2021-44228.Īxway is aware of Log4j CVE-2021-44228 and is evaluating its impact on all Axway products.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |