Fortify

Home

Discussions

State Suggested Answer
Replies replies
7
Answers answer
1
Subscribers subscribers
23
Views views
1263
Users 0 members are here
+3 person also asked this people also asked this

Related Discussions

Options

Fortify Software Security Center & CVE-2021-44228

Fred Jonkhart 6 months ago

Fortify SSC v20.* is vunerable with respect to CVE-2021-44228.

Any experience using the Log4J settings work around?

Tags:

Top Replies

ebell 6 months ago +2
Statement made available from Micro Focus legal around 12/12/2021 @ 5:34 pm CST.
1. Are you aware of Log4J or Logshell/LogJam ( CVE-2021-44228 )?
  Yes, and at this point Micro Focus’ review has found no indications…

Parents

0 David Gibson
6 months ago

@ebell. Can you clarify, are you saying (a) that your SSC software is not susceptible to the vulnerability even though it contains impacted versions of log4j, or (b) that you are not aware of any exploits on your hosted SSC/Scan central service?

If there is an official position statement on this issue, please can you post a link?
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
0 ebell
6 months ago in reply to David Gibson

David, that's all I have at the moment. I know CyberRes and each product is working toward further specifics.
Cancel
Up 0 Down

Reply

Verify Answer

Cancel
Suggested Answer

0 ebell
6 months ago in reply to ebell

Here are a couple of links with additional information community.microfocus.com/.../summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 and www.microfocus.com/.../log4j
Cancel
Up 0 Down

Reply

Verify Answer

Reject Answer

Cancel

Reply

Suggested Answer

0 ebell
6 months ago in reply to ebell

Here are a couple of links with additional information community.microfocus.com/.../summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228 and www.microfocus.com/.../log4j
Cancel
Up 0 Down

Reply

Verify Answer

Reject Answer

Cancel

Children

No Data

Resources

CyberRes Academy

Help

Company

Privacy Policy
Terms of Use

Accessibility
Anti-Slavery Statement

Support
How To Buy

Careers
Investor Relations

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.