This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Does CVE-2021-44228 (Log4j vulnerability) also impact Silk Central?

I'm wondering whether version 20.5 (and other versions) of Silk Central can be vulnerable for CVE-2021-44228 (Log4j vulnerability aka Log4Shell) ?

So far I've only found that the Silk Central installation includes the Java library slf4j-api-1.7.26.jar but I'm not sure which logging framework it uses.

Any information about this will be greatly appreciated!

Tags:

Parents
  • Our security team has reported many vulnerabilities (CVE-2019-17571, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) for the file C:\Program Files (x86)\Silk\SilkTest\ng\controlcenter\plugins\com.borland.fastxd.controlcenter_21.0.1.11978\lib\log4j-1.2.17.jar. Installed SCTM version on the server is Silk Central Version 21.1.0.1. Please advise if we need to open a support incident or how to fix the case.

Reply
  • Our security team has reported many vulnerabilities (CVE-2019-17571, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) for the file C:\Program Files (x86)\Silk\SilkTest\ng\controlcenter\plugins\com.borland.fastxd.controlcenter_21.0.1.11978\lib\log4j-1.2.17.jar. Installed SCTM version on the server is Silk Central Version 21.1.0.1. Please advise if we need to open a support incident or how to fix the case.

Children
No Data