Safeguard Community

Forum Apache log4j vulnerability (CVE-2021-44228)

State Verified Answer
+4 person also asked this people also asked this
Replies 6 replies
Subscribers 35 subscribers
Views 7115 views
Users 0 members are here

Options

Related

Apache log4j vulnerability (CVE-2021-44228)

seh over 2 years ago

Hello all!

Does anyone know which products are impacted by this vulnerability?

Maybe Safeguard for Privileged Passwords with Apache Cassandra?

We are waiting for the One Identity official response.

Thank you in advance and good luck!

Top Replies

Parents

0 seh over 2 years ago

It seems there is a KB for several products like Safeguard SPP, Password Manager, Identity Manager -> they don't use log4j!
But the KB isn't available...

For example, Safeguard SPP: https://support.oneidentity.com/fr-fr/one-identity-safeguard-for-privileged-passwords/kb?k=log4j&lang=fr-fr&cause=
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Reply

0 seh over 2 years ago

It seems there is a KB for several products like Safeguard SPP, Password Manager, Identity Manager -> they don't use log4j!
But the KB isn't available...

For example, Safeguard SPP: https://support.oneidentity.com/fr-fr/one-identity-safeguard-for-privileged-passwords/kb?k=log4j&lang=fr-fr&cause=
Cancel
Up 0 Down

Reply

Verify Answer

Cancel

Children

0 Clint Coady over 2 years ago in reply to seh

Hello. Quest and One Identity's security team and product teams are aware of the log4j zero-day vulnerability that was disclosed on December 9^th and have been working to assess the impact of each product. A comprehensive blog post is being drafted and will published as soon as the investigation is complete.
Cancel
Up +2 Down

Reply

Verify Answer

Cancel