Log4j Vulnerability to Zero-Day Exploit and Digital.ai Application Protection and App Aware

Overview

Many of our users will have seen the recent news about ongoing problems with the Zero-Day attack which exploits vulnerabilities in the Apache Log4j library - CVE-2021-44228.

Application Protection

No Digital.ai Application Protection software uses affected versions of the Log4J library. The Application Protection tool for Android uses a separate logging library, SLF4J, which is unrelated to Log4J.

Desktop Application Protection includes a copy of eclipse, which in turn does use log4j. However the version included pre-dates the introduction of the vulnerability and hence isn't affected.

App Aware

An internal component of the Digital.ai App Aware platform was vulnerable to the Log4J exploit and has since been fixed using vendor-supplied updates. We are continuing to monitor the situation and will update this note when required.

No customer changes are required to fix or mitigate CVE-2021-44228.

Related Information

To view Log4J notices for other Digital.ai products, please see Log4J Vulnerability to Zero Day Exploit and Digital.ai.

This article was updated on December 22nd to reflect the use of a non-affected version of log4j in the copy of eclipse bundled with Desktop Application Protection.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.