Hi Boris,

Micro Focus has created this site with status updates:

https://www.microfocus.com/en-us/about/product-security-response-center/log4j

Also you can visit the Product Support portal for a list of the security bulletins to the Log4j.

https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228

Here appears what to do with DP:

CVE-2021-44228 vulnerability for Micro Focus Data Protector

https://portal.microfocus.com/s/article/KM000003052?language=en_US

Hope this can help but  review regularly these sites for next updates.

Rgds

/TR

Kindly note that we are not aware of any current indications of compromise related to Log4j compromise or related vulnerabilities.

We have a robust, dedicated, full-time threat intelligence team with a Microfocus-wide view that is constantly reviewing new reports of vulnerabilities, threats, and compromises for possible impact on our information assets.

1. Are you aware of Log4J or Logshell/LogJam ( CVE-2021-44228 )?

Yes, and at this point Micro Focus’ review has found no indications of a vulnerability being exploited. We continue to monitor closely.

2. What is Micro Focus doing?

The appropriate security teams are fully engaged and have been since we were first alerted on Friday.

We are following Cybersecurity and Infrastructure Security Agency (CISA) and National Cyber Security Centre (NCSC) guidance on this issue.

In addition, Micro Focus has implemented a Secure Development Lifecycle that includes Supply Chain Security, 3rd Party Component Manifest and 3rd Party Component Monitoring. Using these formal processes, we are working through this subject.

At the Micro Focus network enterprise-level, our internal security tooling has been updated and we will continue to monitor our operations for issues.

Kindly note that we are not aware of any current indications of compromise related to Log4j compromise or related vulnerabilities.

We have a robust, dedicated, full-time threat intelligence team with a Microfocus-wide view that is constantly reviewing new reports of vulnerabilities, threats, and compromises for possible impact on our information assets.

1. Are you aware of Log4J or Logshell/LogJam ( CVE-2021-44228 )?

Yes, and at this point Micro Focus’ review has found no indications of a vulnerability being exploited. We continue to monitor closely.

2. What is Micro Focus doing?

The appropriate security teams are fully engaged and have been since we were first alerted on Friday.

We are following Cybersecurity and Infrastructure Security Agency (CISA) and National Cyber Security Centre (NCSC) guidance on this issue.

In addition, Micro Focus has implemented a Secure Development Lifecycle that includes Supply Chain Security, 3rd Party Component Manifest and 3rd Party Component Monitoring. Using these formal processes, we are working through this subject.

At the Micro Focus network enterprise-level, our internal security tooling has been updated and we will continue to monitor our operations for issues.