(OO) Support Tip: Vulnerability of log4j 1.x does not affect OO

0 Likes

CVE-2021-4104 reports that JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.

OO R&D has confirmed that OO is not vulnerable to or impacted by CVE-2021-4104, since JMSAppender is not used by OO.

Labels:

Support Tip
Comment List
Related
Recommended