Log4j - CVE-2021-44228 Zero Day Vulnerability SOAP UI V5.6.0 or Lower

Question

Hi, With SOAP UI V5.6.0 or lower, we found that under \\Smartbear\SoapUI-5.6.0\lib\ , we can find log4j-1.2.14.jar and we would like to know if this is something Smartbear is working to release a newer version of the tool which will utilize v2.15 log4j jar or remove the current version?

We see this in multiple scans on our computer and would like to be proactive on the approach.

We do see this https://community.smartbear.com/t5/SoapUI-Open-Source-Questions/Log4Shell-CVE-2021-44228/m-p/227373#M32732

however this doesn't provide much information on the standalone installation tool.

Thanks
Dharmit

av · Answer

Hello, dharmitpatel316,
&nbsp;
Thanks for you question. Yes, our development team is aware of this issue and we're currently working on fixing it. Very soon we will deliver a hot fix release and please trust me this is not the end. Very soon we will surprise you again 😉
&nbsp;
&nbsp;
&nbsp;
&nbsp;

dharmitpatel316 · Answer

We will wait for the new SOAP UI version and then after we will accept it as a solution, until then, we would have to wait.

Forum Discussion

Log4j - CVE-2021-44228 Zero Day Vulnerability SOAP UI V5.6.0 or Lower

2 Replies

Related Content

Log4Shell - CVE-2021-44228

log4j vulnerability CVE-2021-44228 in Zephyr Scale

SmartBear Communications re: Log4j / CVE-2021-44228

What is Smartbear's response to CVE-2021-44228 log4j vulnerability for Zephyr Squad?

Log4J vulnerability

Recent Discussions

SOAP Request works in SoapUI, but not in C# code

clone TestSuite fails when there are more project with the same name

Will SOAP UI 5.6.1 work with JDK 8

How to configure Swagger in Paas to use it in Oracle APEX instance.

log4j1.x vulnerability