ATIX AG has confirmed that orcharhino 5.10 and the upcoming orcharhino 5.11 release are not affected by the log4j vulnerability.
Neither orcharhino Server, orcharhino Proxy, nor any plugins provided by ATIX are affected by the remote code execution vulnerability.
Who controls your IT – you or your dependencies?
Read the free white paper to find out how to identify critical dependencies, make your infrastructure resilient and regain full control over operations, updates and automation.
On December 9th 2021, a critical security vulnerability CVE-2021-44228 in Apache Log4j with a CVSS severity level 10 out of 10 has been reported.
It is a remote code execution vulnerability, which means that if an attacker exploits it on a vulnerable host, they can execute arbitrary code and potentially take control of the system.
According to the project website, “Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints”.
If you are using it in your own projects, you should update Apache Log4j to 2.16+ as soon as possible.
If you have any further questions, feel free to reach out to us.
Sources:
