Skip to main content

Security Notice: Apache log4j Vulnerability CVE-2021-44228

What

CVE-2021-44228 is the Apache Log4j2 vulnerability commonly known as Log4Shell. It was disclosed in December 2021 and affected vulnerable Log4j2 versions where attacker-controlled JNDI lookups could lead to remote code execution.

FileWave's product assessment found that FileWave Server, Boosters, IVS, and Clients were not impacted by CVE-2021-44228.

Why

This page is retained as a historical security notice for customers who need to answer security questionnaires, audit older records, or confirm FileWave's Log4j assessment.

  • FileWave did not use the Java Apache Log4j library.
  • Older FileWave releases used log4qt, a C++ logging implementation, not Log4j. That use was discontinued after FileWave 12.4.

How

No FileWave-side patch or configuration change is required specifically for CVE-2021-44228 for the FileWave components covered by this notice.

If you are validating an environment:

  1. Confirm that the system being reviewed is a FileWave Server, Booster, IVS, or Client component.
  2. Review any non-FileWave Java applications or services on the same hosts separately, since this notice only covers FileWave products.
  3. If the environment is old or unsupported, compare the installed FileWave version with current FileWave support guidance and any newer FileWave security notices.

Related Content

No comments to display

Back to top