Log4j - CVE-2021-44228 Zero Day Vulnerability SOAP UI V5.6.0 or Lower

Question

Hi, With SOAP UI V5.6.0 or lower, we found that under \\Smartbear\SoapUI-5.6.0\lib\ , we can find log4j-1.2.14.jar and we would like to know if this is something Smartbear is working to release a newer version of the tool which will utilize v2.15 log4j jar or remove the current version?

We see this in multiple scans on our computer and would like to be proactive on the approach.

We do see this https://community.smartbear.com/t5/SoapUI-Open-Source-Questions/Log4Shell-CVE-2021-44228/m-p/227373#M32732

however this doesn't provide much information on the standalone installation tool.

Thanks
Dharmit

av · Answer

Hello, dharmitpatel316,
&nbsp;
Thanks for you question. Yes, our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release and please trust me this is not the end. Very soon we will surprise you again 😉
&nbsp;
&nbsp;
&nbsp;
&nbsp;

dharmitpatel316 · Answer

We will wait for the new SOAP UI version and then after we will accept it as a solution, until then, we would have to wait.

Forum Discussion

Log4j - CVE-2021-44228 Zero Day Vulnerability SOAP UI V5.6.0 or Lower

Related Content

Log4Shell - CVE-2021-44228

log4j vulnerability CVE-2021-44228 in Zephyr Scale

SmartBear Communications re: Log4j / CVE-2021-44228

What is Smartbear's response to CVE-2021-44228 log4j vulnerability for Zephyr Squad?

Log4J vulnerability

Recent Discussions

log4j1.x vulnerability

SoapUI-5.6.0\lib\log4j-1.2.14.jar

SoupUI loop

xml to soap

OpenAPI/Swagger 3.0 Support