Apache Log4j library vulnerability does not affect Rovius CP

The remote code execution vulnerability, CVE-2021-44228, in the Apache Log4j library appears to affect Log4j 2.x (versions 2.0-2.14.1).

Rovius CP uses the Log4j 1.x version. However, Log4j 1.x version is vulnerable with JMSAppender and Rovius CP does not use this Appender. 

To send the Syslog messages, Rovius CP uses Syslog as the Log4j Appender.

Therefore, there is no impact on Rovius CP due to the CVE-2021-44228 vulnerability.

 

Comments