Does CVE-2021-44228 (Log4j vulnerability) also impact Silk Central?

I'm wondering whether version 20.5 (and other versions) of Silk Central can be vulnerable to CVE-2021-44228 (Log4j vulnerability, aka Log4Shell)?

So far I've only found that the Silk Central installation includes the Java library slf4j-api-1.7.26.jar but I'm not sure which logging framework it uses.

Any information about this will be greatly appreciated!

  • log4j-over-slf4j-1.7.26.jar is shipped with Silk Central. This jar does not have the log4j security issue reported in CVE-2021-44228 according to the slf4j website. 

    R&D have also confirmed that Silk Central does not have this vulnerability.

  • Our security team has reported many vulnerabilities (CVE-2019-17571, CVE-2020-9488, CVE-2022-23302, CVE-2022-23305, CVE-2022-23307) for the file C:\Program Files (x86)\Silk\SilkTest\ng\controlcenter\plugins\com.borland.fastxd.controlcenter_21.0.1.11978\lib\log4j-1.2.17.jar. The installed SCTM version on the server is Silk Central Version 21.1.0.1. Please advise if we need to open a support incident or how to fix the case.
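The thread turns on telling a bridge jar such as log4j-over-slf4j apart from a real log4j 1.x jar and from log4j-core 2.x. The following is an added example, not code from the thread or from the vendor, that classifies jars by the classes they contain rather than by file name and also looks inside nested archives. The marker-to-CVE mapping and the function names are assumptions of this example, and a hit means "review this jar", not "exploitable".

```python
import io
import zipfile

# Entry prefixes used as markers (assumption: the classes named in the public
# advisories for the CVEs quoted in the thread; presence means "review").
LOG4J1_MARKERS = {
    "org/apache/log4j/net/SocketServer": "CVE-2019-17571",
    "org/apache/log4j/net/SMTPAppender": "CVE-2020-9488",
    "org/apache/log4j/net/JMSSink": "CVE-2022-23302",
    "org/apache/log4j/jdbc/JDBCAppender": "CVE-2022-23305",
    "org/apache/log4j/chainsaw/": "CVE-2022-23307",
}
LOG4J2_JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J1_API = "org/apache/log4j/Logger.class"


def classify(names):
    """Return (kind, CVEs to review) for a set of archive entry names."""
    if LOG4J2_JNDI in names:
        # JndiLookup also exists in fixed 2.x releases: check the version next.
        return "log4j-core-2.x", ["CVE-2021-44228"]
    hits = sorted({cve for prefix, cve in LOG4J1_MARKERS.items()
                   if any(n.startswith(prefix) for n in names)})
    if hits:
        return "log4j-1.x", hits
    if LOG4J1_API in names:
        # log4j 1.x API classes only, as in a bridge like log4j-over-slf4j.
        return "log4j-1.x-api-only", []
    return "no-log4j", []


def scan(archive, label, depth=3):
    """Classify an archive (path or file object) and jars nested inside it."""
    findings = []
    try:
        with zipfile.ZipFile(archive) as zf:
            names = set(zf.namelist())
            kind, cves = classify(names)
            if kind != "no-log4j":
                findings.append((label, kind, cves))
            for n in sorted(names):
                if depth > 0 and n.lower().endswith((".jar", ".war", ".ear")):
                    inner = io.BytesIO(zf.read(n))
                    findings += scan(inner, f"{label}!{n}", depth - 1)
    except zipfile.BadZipFile:
        findings.append((label, "unreadable", []))
    return findings
```

To cover an installation, call `scan(str(p), str(p))` for each `p` in `pathlib.Path(install_dir).rglob("*.jar")`, where `install_dir` is the product's install directory.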