Log4j CVE-2021-44228 (aka LogJam/LogShell)
Dear customers and partners,
We have scanned our codebase and can confirm that, out of the box, MooD software does not use the Log4J library, thus we believe we are not vulnerable to this exploit.
However, any customer, project team, or partner who extends MooD functionality with custom tools, scripts or visualizations, will need to scan those components and their dependencies to verify if they are vulnerable.
-
Customers may discover through file searches, that SQL Server contains a .jar file for log4j.
According to Microsoft, this is a connector to log4j, for those applications which require it, and not in use by default.
Please sign in to leave a comment.
Comments
1 comment