- This topic has 0 replies, 1 voice, and was last updated 2 years, 4 months ago by
.
Viewing 1 post (of 1 total)
-
Posts
-
We are aware of a vulnerability reported in the Apache Log4j/Log4j2 software component (https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
Intercede can confirm that it does not ship Log4j or Log4j2 in any supported version of MyID.
Intercede does use log4net extensively which started as a port of log4j2, and under certain configurations can produce log files that conform to the log4j2 schema and contain the text log4j2. However CVE-2021-44228 is specific to log4j2 and does not affect log4net.
Since Intercede interfaces to many other 3rd party systems (e.g. Certificate Authorities, LDAP, PACS) it is important to check with the vendors of those other systems to ensure those do not contain a vulnerable log4j/log4j2 dependency.
Viewing 1 post (of 1 total)
- The forum ‘MyID Announcements’ is closed to new topics and replies.