Log4J Vulnerability – Therefore™ Unaffected
Therefore™ Statement on Log4J Vulnerability
In mid-December 2021, a security vulnerability in the Log4J Java library was made public (CVE-2021-44228). This vulnerability in the Java logging libraries can allow unauthorized remote code execution and access to affected, unpatched servers.
Neither Therefore™ Online nor Therefore™ On-Premise are affected by this vulnerability.
The only Therefore™ component that uses Java is the Therefore™ MEAP app (also known as the Therefore™ MFP Application). Therefore Corporation developers have thoroughly checked this app and confirmed that it does not use Log4J. The app is thus unaffected by the vulnerability.
Therefore™ makes use of an open source component called Log4Net. This is a logging library written in C# for .NET, not Java. Log4Net is thus unaffected by the Log4J vulnerability since the programming and the component itself are different and separate.Back