Log4J Vulnerability – Therefore™ Unaffected
December 14 by Cono Fusco | Announcements, Events, Webinars
Therefore™ Statement on Log4J Vulnerability
Context:
In mid-December 2021, a security vulnerability in the Log4J Java library was made public (CVE-2021-44228). This vulnerability in the Java logging libraries can allow unauthorized remote code execution and access to affected, unpatched servers.
Statement:
Neither Therefore™ Online nor Therefore™ On-Premise is affected by this vulnerability.
Nearly all Therefore™ applications are developed in C++, C#, and JavaScript, and are thus unaffected.
The only Therefore™ component that uses Java is the Therefore™ MEAP app (also known as the Therefore™ MFP Application). Therefore Corporation developers have thoroughly checked this app and confirmed that it does not use Log4J. The app is thus unaffected by the vulnerability.
Additional Information:
Therefore™ makes use of an open-source component called Log4Net. This is a logging library written in C# for .NET, not Java. Log4Net is thus unaffected by the Log4J vulnerability, since both the programming language and the component itself are different and separate.