Skip to main content

Security Notice: Apache log4j Vulnerability CVE-2021-44228

InfoWhat

In December 2021, CVE-2021-44228 wasis disclosed forthe Apache Log4j2, the Java logging library. TheLog4j2 vulnerability is commonly known as Log4ShellLog4Shell. It was disclosed in December 2021 and affected vulnerable Log4j2 versions where attacker-controlled JNDI lookups could lead to remote code execution.

Question

FileWave's

Areproduct FileWaveassessment systemsfound impacted by CVE-2021-44228?

Answer

No.that FileWave Server, Boosters, IVS, and Clients arewere not impacted by CVE-2021-4422844228.

based

Why

on

This page is retained as a historical security notice for customers who need to answer security questionnaires, audit older records, or confirm FileWave's productLog4j assessment.

  • FileWave did not use the Java Apache Log4j library.
  • Older FileWave releases used log4qt, a C++ logging implementation, butnot thatLog4j. That use was discontinued after FileWave 12.4.

How

ThisNo pageFileWave-side patch or configuration change is retainedrequired asspecifically afor historicalCVE-2021-44228 securityfor the FileWave components covered by this notice.

If you are validating an olderenvironment:

    Confirm that the system being reviewed is a FileWave Server, Booster, IVS, or unsupportedClient environment,component. Review any non-FileWave Java applications or services on the same hosts separately, since this notice only covers FileWave products. If the environment is old or unsupported, compare the installed FileWave version with current FileWave support guidance and any newer FileWave security notices.

    ReferenceRelated Content

    FileWave Release History
    Back to top