Therefore News & Blog

Log4J Vulnerability – Therefore™ Unaffected

December, 14 by  |  Announcements, Events, Webinars

Therefore™ Statement on Log4J Vulnerability

 

Context:

In mid-December 2021, a security vulnerability in the Log4J Java library was made public (CVE-2021-44228). This vulnerability in the Java logging libraries can allow unauthorized remote code execution and access to affected, unpatched servers.

 

Statement:

Neither Therefore™ Online nor Therefore™ On-Premise are affected by this vulnerability.

Nearly all Therefore™ applications are developed in C++, C#, and JavaScript, and are thus unaffected.

The only Therefore™ component that uses Java is the Therefore™ MEAP app (also known as the Therefore™ MFP Application). Therefore Corporation developers have thoroughly checked this app and confirmed that it does not use Log4J. The app is thus unaffected by the vulnerability.

 

Additional Information:

Therefore™ makes use of an open source component called Log4Net. This is a logging library written in C# for .NET, not Java. Log4Net is thus unaffected by the Log4J vulnerability since the programming and the component itself are different and separate.

Back