Security Notice: Apache log4j Vulnerability CVE-2021-44228

Info

~~From~~In December 9,2021, ~~2021~~CVE-2021-44228 ~~reports~~was ~~of a Zero Day exploit~~disclosed for Apache ~~Log4j 2.x <= 2.15.0-rc1 were being reported in~~Log4j2, the ~~wild~~Java ~~under~~logging ~~CVE-2021-44228.~~library. The vulnerability is commonly known as Log4Shell and affected vulnerable Log4j2 versions where attacker-controlled JNDI lookups could lead to remote code execution.

Question

Are FileWave systems impacted by ~~this exploit?~~CVE-2021-44228?

Answer

No. FileWave atServer, ~~one~~Boosters, ~~point~~IVS, inand ~~time~~Clients ~~(more~~are ~~than~~not 4impacted ~~years~~by ~~ago)~~CVE-2021-44228 based on FileWave's product assessment.

FileWave did not use the Java Apache Log4j library. Older FileWave releases used log4qt, a C++ ~~implementation~~logging ~~of log4j,~~implementation, but ~~its~~that use was discontinued ~~from~~after FileWave 12.4.

This page is retained as a historical security notice. If you are validating an older or unsupported environment, compare the installed FileWave version ~~12.4~~with ~~of FileWave. The Java version of log4j was never used by FileWave. Therefore~~current FileWave ~~systems~~support ~~(Boosters, Server, IVS,~~guidance and ~~Clients)~~any ~~are~~newer ~~NOT~~FileWave ~~impacted~~security ~~by this vulnerability.~~notices.

Reference

CVE-2021-44228 record