Log4j vulnerability

Post Reply
User avatar
John
Site Admin
Posts: 2597
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Log4j vulnerability

Post by John »

The search appliance is not affected by the log4j vulnerability CVE-2021-44228 (log4shell) that allows arbitrary code execution using jndi and ldap. No update is needed.
John Turnbull
Thunderstone Software
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Re: Log4j vulnerability

Post by mark »

The search appliance is also not affected by the 2nd log4j vulnerability, CVE-2021-45046.
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Re: Log4j vulnerability

Post by mark »

One more for the list. Thunderstone products are not vulnerable to CVE-2021-45105, uncontrolled recursion. No version of Thunderstone products are vulnerable to these as they don't use log4j2.
Post Reply