ReadyAPI-3.3.1 log4j vulnerable?

Question

Hello, I am wanting to know if the ReadyAPI-3.3.1 app is vulnerable to the log4j vulnerability?
I see that it uses the log4j-core-2.11.jar file.
C:\Program Files\SmartBear\ReadyAPI-3.3.1\lib\log4j-core-2.11.0.jar
What remediation is required if so, is this resolved via a patch to a newer version?

Thank you,
Mike

d0ug · Accepted Answer

Hi mikegonzo, 
&nbsp;
SmartBear is aware of the recently disclosed security issue affecting the open-source Apache “Log4j2” utility (CVE-2021-44228). The Security team is actively working to mitigate our exposure and continue to provide enhanced monitoring of our platforms to safeguard information. Resources potentially affected by this vulnerability have been identified and our Information Technology and Information Security teams are working closely together to remediate any potential exposure in our platforms and environment.
&nbsp;
Please check https://smartbear.com/security/cve-2021-44228/ for further updates.

mikegonzo · Answer

Looks like they have SoapUI 5.6.0 installed, is this vulnerable to log4j vuln and if so, is this patched with an update to the app?Thank you,Mike

Forum Discussion

ReadyAPI-3.3.1 log4j vulnerable?

2 Replies

Related Content

Log4J vulnerability

Does SoapUI 5.6.0 has log4j vulnerability?

SoapUI 5.5.0 Log4j vulnerability

Log4j Vulnerability - Swagger

log4j security vulnerability

Recent Discussions

Parameterising JDBC Connection Settings..Can you do it?

Test Runner - Report All in One File

GroovyScript Help - Repeating JSON Attributes Have Specific Value.....some of the time?

JDBC results are stored in the ReadyAPI project

MyFirstPlugin - button Project menu in Ready Api