Is NexxisOR is impacted by the Log4j vulnerability?

Article number: [5648] - Legacy code: [12510]

On December 9, 2021, a vulnerability was detected in Log4j, an open-source Java logging library maintained by the Apache Software Foundation.

Ongoing analysis has shown that NexxisOR is not affected by this vulnerability.

Below you can find details about how to mitigate these vulnerabilities immediately and what will be the long-term solutions. 

Impact for NexxisOR

CVE-2021-4104

Affected Log4j version: 

1.2.16

Impacted: 

No

Information: 

Not applicable to NexxisOR because the vulnerable component JMSAppender is not used.

 

CVE-2019-17571

Affected Log4j version: 

1.2.16

Impacted: 

No

Information: 

Not applicable to NexxisOR because the vulnerable component SocketServer class is not used.

Please be aware that some security scanning tools only verify the version of a component to indicate if it is vulnerable or not. Based on our internal investigation of how the component is used and configured, we indicate if the vulnerability is exploitable or not. (cf. impact statement per CVE identifier in the KB).

Please note that the above article contains preliminary information and will be updated regularly.

Properties

Last updated Aug 3, 2023