Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

\uD83E\uDD14 Problem

A zero-day exploit has been found in the “Apache log4j” Java Component. The exploit allows remote code execution. This security issue is logged as “CVE-2021-44228” and “CVE-2021-45046” for version 2.15 of log4j. It has the nickname “Log4Shell”.

The exploit uses the Java Naming and Directory Interface (JNDI).

Is PeopleSync affected?

\uD83C\uDF31 Solution

No. , PeopleSync is not affected.

Product

Vulnerable

Reason

PeopleSync Backend

No

The Backend is written in .net. We are not using log4j.

For logging, we are using log4net, which is a port of log4j to the .net framework. Due to the absence of JNDI in .net, it is not possible to exploit Log4Shell in log4net.

PeopleSync Frontend

No

The Frontend is written in PHP. We are not using log4j.

PeopleSync Android App

No

There are no dependencies to log4j.

(info) Other components

If you run any 3rd-party-components on your server, please check them for the vulnerability and contact the manufacturer of the software or author of the component.

We are aware of log4j being an extension of the DTS component in some versions of Microsoft SQL Server. PeopleSync neither uses nor requires DTS. As far as we can oversee this now, Microsoft is using a version of log4j not affected by this specific vulnerability. It may possibly be vulnerable to CVE-2021-4104. Microsoft Product Support Services will help you to remove or update the component if required.

Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@259e9a
sortmodified
showSpacefalse
reversetrue
typepage
cqllabel = "kb-troubleshooting-article" and type = "page" and space = "PSKB"
labelskb-troubleshooting-article