Is PeopleSync affected by "Log4Shell" (CVE-2021-44228)?

\uD83E\uDD14 Problem

A zero-day exploit has been found in the “Apache log4j” Java Component. The exploit allows remote code execution. This security issue is logged as “CVE-2021-44228”. It has the nickname “Log4Shell”.

The exploit uses the Java Naming and Directory Interface (JNDI).

NVD - CVE-2021-44228 (nist.gov)

Is PeopleSync affected?

\uD83C\uDF31 Solution

No. PeopleSync is not affected.

Product

Vulnerable

Reason

PeopleSync Backend

No

The Backend is written in .net. We are not using log4j.

For logging, we are using log4net, which is a port of log4j to the .net framework. Due to the absence of JNDI in .net, it is not possible to exploit Log4Shell in log4net.

PeopleSync Frontend

No

The Frontend is written in PHP. We are not using log4j.

PeopleSync Android App

No

There are no dependencies to log4j.

\uD83D\uDCCE Related articles

Page:

How to know if Frontend is operational
Page:

Service does not Start after Update - Error 1110 in Eventlog
Page:

Object Filters for AD / LDAP Agents
Page:

User Roles Menu Not Visible in Navigation
Page:

Database Agent: Certificate Trust Issues