15. December 2021

orcharhino is not affected by log4j Vulnerability

[av_one_full first min_height=” vertical_alignment=’av-align-top’ space=” margin=’0px’ margin_sync=’true’ padding=’0px,15%,0px,15%’ border=” border_color=” radius=’0px’ radius_sync=’true’ background_color=” src=” attachment=” attachment_size=” background_position=’top left’ background_repeat=’no-repeat’ animation=” mobile_breaking=” mobile_display=”]

[av_heading tag=’h2′ padding=’10’ heading=’orcharhino is not affected by log4j Vulnerability’ color=’custom-color-heading’ style=” custom_font=’#8dc63f’ size=” subheading_active=” subheading_size=’15’ custom_class=” admin_preview_bg=” av-desktop-hide=” av-medium-hide=” av-small-hide=” av-mini-hide=” av-medium-font-size-title=” av-small-font-size-title=” av-mini-font-size-title=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=”][/av_heading]

[av_hr class=’default’ height=’50’ shadow=’no-shadow’ position=’center’ custom_border=’av-border-thin’ custom_width=’50px’ custom_border_color=” custom_margin_top=’30px’ custom_margin_bottom=’30px’ icon_select=’yes’ custom_icon_color=” icon=’ue808′ av-desktop-hide=” av-medium-hide=” av-small-hide=” av-mini-hide=”]

[av_textblock size=’14’ font_color=” color=” av-medium-font-size=” av-small-font-size=” av-mini-font-size=” admin_preview_bg=”]
Garching, December 15th, 2021

ATIX AG has confirmed that orcharhino 5.10 and the upcoming orcharhino 5.11 release are not affected by the log4j vulnerability.
Neither orcharhino Server, orcharhino Proxy, nor any plugins provided by ATIX are affected by the remote code execution vulnerability.

On December 9th 2021, a critical security vulnerability CVE-2021-44228 in Apache Log4j with a CVSS severity level 10 out of 10 has been reported.
It is a remote code execution vulnerability, which means that if an attacker exploits it on a vulnerable host, they can execute arbitrary code and potentially take control of the system.

According to the project website, “Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints”.
If you are using it in your own projects, you should update Apache Log4j to 2.16+ as soon as possible.

If you have any further questions, feel free to reach out to us.

Sources:

[/av_textblock]

[/av_one_full]

Weitere Beiträge

Ready to get started?

Start your
free trial today!

If you have any questions about our products and services or any other
topics, please do not hesitate to contact us.

Suche
Search