News and information about verinice.

Learn everything that is important

verinice not affected by log4j vulnerability

Last week, a critical vulnerability in the widely used logging library log4j 2 became known. The log4j versions included in the verinice.PRO server are not affected by the vulnerability!

The vulnerability is described in this article, among others: Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package and has the CVS number CVE-2021-44228 erhalten.

For more information, see the article in our verinice forum:

However, on a verinice.PRO system there may be other Java applications in Tomcat that have not been installed by the verinice team. Since these applications may contain affected log4j versions, the team recommends including a parameter in the Tomcat configuration that prevents exploitation of the vulnerability in other applications. Again, see our forum post for details:

Feel free to contact our team if you have any further questions.

Search News

Press contact:

Claudia Krell


Deutsch English Lingua italiana Český jazyk
Contact us

We are here for you!

Our sales team will be happy to help you with any questions you may have about SerNet's verinice products and services - personally and tailored to your individual interests.

You can reach us directly by phone at +49 551 370000-0.
Send us an email at

* mandatory fields
© SerNet GmbH, 2024