Fortify Software Security Center & CVE-2021-44228

Fortify SSC v20.* is vunerable with respect to CVE-2021-44228.

Any experience using the Log4J settings work around? 

Parents
  • @ebell. Can you clarify, are you saying (a) that your SSC software is not susceptible to the vulnerability even though it contains impacted versions of log4j, or (b) that you are not aware of any exploits on your hosted SSC/Scan central service?

    If there is an official position statement on this issue, please can you post a link?

Reply
  • @ebell. Can you clarify, are you saying (a) that your SSC software is not susceptible to the vulnerability even though it contains impacted versions of log4j, or (b) that you are not aware of any exploits on your hosted SSC/Scan central service?

    If there is an official position statement on this issue, please can you post a link?

Children