{"id":5201,"date":"2021-12-17T11:04:09","date_gmt":"2021-12-17T09:04:09","guid":{"rendered":"https:\/\/zen-cori.138-201-132-86.plesk.page\/?post_type=news&#038;p=5201"},"modified":"2022-07-25T11:35:03","modified_gmt":"2022-07-25T09:35:03","slug":"log4j-vulnerability","status":"publish","type":"news","link":"https:\/\/www.btc-embedded.com\/de\/news\/log4j-vulnerability\/","title":{"rendered":"Log4j Vulnerability"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5201\" class=\"elementor elementor-5201\" data-elementor-post-type=\"news\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3757c12 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3757c12\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4d20668\" data-id=\"4d20668\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c2a5fba elementor-widget elementor-widget-text-editor\" data-id=\"c2a5fba\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"\">We are getting requests from our customers who are concerned about the so-called Log4j\u00a0vulnerability.<\/div><div class=\"\">\u00a0<\/div><div class=\"\">Log4j is an open source, Java-based Apache logging framework which can be used to record and document messages created by software applications. The recently\u00a0<span class=\"\">discovered<\/span>\u00a0vulnerabilities (CVE-2021-44228 and CVE-2021-45046) affect several Log4j 2.X versions and allow remote code extraction due to erroneous handling of JNDI constructs. See\u00a0<a class=\"\" title=\"https:\/\/logging.apache.org\/log4j\/2.x\/index.html\" contenteditable=\"false\" href=\"https:\/\/logging.apache.org\/log4j\/2.x\/index.html\" target=\"_blank\" rel=\"noopener\">https:\/\/logging.apache.org\/log4j\/2.x\/index.html<\/a>\u00a0for more information.\u00a0<\/div><div class=\"\">\u00a0<\/div><div class=\"\">We have performed a dependency analysis for BTC EmbeddedPlatform.\u00a0<strong>BTC EmbeddedPlatform is not using Log4j as a logging mechanism.<\/strong><\/div><div class=\"\">\u00a0<\/div><div class=\"\">Although Log4j is not used, a\u00a0<strong>non-affected<\/strong>\u00a0Log4j 1.x version (s<span class=\"\">ee\u00a0<\/span><a class=\"\" title=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html#CVE-2021-45046\" contenteditable=\"false\" href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html#CVE-2021-45046\" target=\"_blank\" rel=\"noopener\">https:\/\/logging.apache.org\/log4j\/2.x\/security.html#CVE-2021-45046<\/a>) is part of the BTC EmbeddedPlatform installation via the underlying Eclipse framework. \u00a0<\/div><div class=\"\">\u00a0<\/div><div class=\"\"><strong>Therefore, we can confirm, that none of our BTC EmbeddedPlatform Releases are affected by\u00a0<span class=\"\">CVE-2021-44228 and CVE-2021-45046<\/span>.<\/strong><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-e6fa827 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"e6fa827\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0db137d\" data-id=\"0db137d\" data-element_type=\"column\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>We are getting requests from our customers who are concerned about the so-called Log4j vulnerability.<\/p>\n","protected":false},"featured_media":0,"template":"elementor_theme","class_list":["post-5201","news","type-news","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.btc-embedded.com\/de\/wp-json\/wp\/v2\/news\/5201","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.btc-embedded.com\/de\/wp-json\/wp\/v2\/news"}],"about":[{"href":"https:\/\/www.btc-embedded.com\/de\/wp-json\/wp\/v2\/types\/news"}],"version-history":[{"count":0,"href":"https:\/\/www.btc-embedded.com\/de\/wp-json\/wp\/v2\/news\/5201\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.btc-embedded.com\/de\/wp-json\/wp\/v2\/media?parent=5201"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}