en
Support
Status
Shop
Last week, a critical vulnerability in the widely used logging library log4j 2 became known. The log4j versions included in the verinice.PRO server are not affected by the vulnerability!
The vulnerability is described in this article: Log4Shell and was dedicated the CVS number CVE-2021-44228 .
For more information, see the article in our verinice forum: https://forum.verinice.com/t/verinice-nicht-betroffen-von-log4j-schwachstelle/
However, on a verinice.PRO system there may be other Java applications in Tomcat that have not been installed by the verinice team. Since these applications may contain affected log4j versions, the team recommends including a parameter in the Tomcat configuration that prevents exploitation of the vulnerability in other applications. Again, see our forum post for details: https://forum.verinice.com/t/verinice-nicht-betroffen-von-log4j-schwachstelle/
Feel free to contact our team if you have any further questions.
