Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Is Alertsite affected by the Log4J vulnerability?

SOLVED
Solved
SPATIALinfo_Pty_1
Visitor
‎12-16-2021 10:13 PM
‎12-16-2021 10:13 PM

Is Alertsite affected by the Log4J vulnerability?

Hi 
I would like to know if Alertsite application is affected by the Log4J vulnerability issue and if it is has a patch has been release ?

 

Thanks in advance

 

Frank

0 Kudos
4 REPLIES 4
sonya_m
SmartBear Alumni (Retired)
SmartBear Alumni (Retired)
‎12-17-2021 12:18 AM
‎12-17-2021 12:18 AM

Hi @SPATIALinfo_Pty_1 ,

 

The Apache Log4j2 Remote Code Execution (RCE) Vulnerabilities - CVE-2021-44228 and CVE-2021-45046 have been mitigated or remediated on SmartBear-managed cloud products. If you are on an on-premise version or a customized version, please reach out to our support team at https://support.smartbear.com for further information.

 

Apache recently announced that the fix to address CVE-2021-44228 (upgrading Log4j to at least version 2.15.0) is not complete if non-default or custom configurations are used. SmartBear products remain unaffected with this new information. SmartBear does not use the non-default configurations and the residual risk is low in using the 2.15.0 version of Log4j.

 

Many SmartBear products are already using Log4j 2.16.0. Out of an abundance of caution, SmartBear products not already using 2.16 will update to this version during the next available release.


Sonya Mihaljova
Community and Education Specialist

knight2628
New Member
In response to sonya_m
‎01-21-2022 06:00 AM
‎01-21-2022 06:00 AM

Hi,

 

Has Alert site taken the proper steps to update to 2.17?

 

Thank you, 

 

knight2628

0 Kudos
SJeffries
Staff
Staff
‎01-21-2022 09:01 AM
‎01-21-2022 09:01 AM

Public locations have been patched. Private locations are only impacted in very rare circumstances; when endpoints being tested are vulnerable and other internal insecure assets are in play. A release to mitigate the rare circumstances is being developed now. Feel free to contact Customer Care directly if you are still concerned

SJeffries
Staff
Staff
In response to knight2628
‎01-21-2022 09:04 AM
‎01-21-2022 09:04 AM

A new release for Private Locations is being reviewed now by Quality Assurance. The new release will mitigates all potential vulnerabilities regarding log4j. All private instances where this is a concern will be able to upgrade to this version once released. It will be released very soon

 
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: