(Updates to reflect exploitability of log4j v1.x, and added links to LinkedIn and ODUG) |
|||
| Line 16: | Line 16: | ||
https://nvd.nist.gov/vuln/detail/CVE-2021-44228 | https://nvd.nist.gov/vuln/detail/CVE-2021-44228 | ||
[https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 Discussion of log4j v1.x susceptibility to this exploit on GitHub] | |||
== Affected Versions of Log4j == | == Affected Versions of Log4j == | ||
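Review bot: the added GitHub link sits under the NVD entry for CVE-2021-44228 with only the label "Discussion of log4j v1.x susceptibility to this exploit", so a reader has to leave the page to learn whether v1.x is considered affected and under what conditions. Add one sentence next to the link summarising the conclusion this page relies on, and make sure it agrees with the v1.2.x row in the "Affected Versions of Log4j" table.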
| Line 37: | Line 39: | ||
|ICN v2.0.3 || TBD || TBD | |ICN v2.0.3 || TBD || TBD | ||
|- | |- | ||
|ICN v3|| v1.2.x || <span style="color: | |ICN v3|| v1.2.x || <span style="color: green;>NO</span> | ||
|} | |} | ||
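Review bot: the style attribute in the new ICN v3 row is missing its closing double quote (`<span style="color: green;>NO</span>`), so the span will not parse as intended and the cell may render incorrectly; it should read `<span style="color: green;">NO</span>`. Since the edit summary says this revision reflects the exploitability of log4j v1.x, it would also help to state in the table header or a footnote what "NO" answers for the v1.2.x row, and to note that the ICN v2.0.3 row is still "TBD".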
| Line 49: | Line 51: | ||
* An organization with CMOD on their internal network using Windows 'Thick' Clients: ''Very Low'' | * An organization with CMOD on their internal network using Windows 'Thick' Clients: ''Very Low'' | ||
* CMOD and IBM Content Navigator or Line-of-Business apps that reply on ODWEK: ''Low'' | * CMOD and IBM Content Navigator or Line-of-Business apps that reply on ODWEK: ''Low'' | ||
* | * Line-of-Business apps using CMOD that are exposed to the public internet with proper firewalls & access controls: ''Low to Medium'' | ||
* | * Line-of-Business apps using CMOD that are exposed to the public internet with unrestricted access to the CMOD server: ''High'' | ||
* CMOD and ODWEK running on the same server instance / operating system: ''Extreme'' | * CMOD and ODWEK running on the same server instance / operating system & publicly accessible: ''Extreme'' | ||
== Upgrading log4j v2.15.x == | == Upgrading log4j v2.15.x == | ||
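Review bot: narrowing the last bullet to "same server instance / operating system & publicly accessible" leaves the case of CMOD and ODWEK co-located on a server that is not publicly accessible without any rating, where the previous wording covered it. Add a bullet for that internal-only case so the list is exhaustive. "Proper firewalls & access controls" in the new "Low to Medium" bullet is also too loose to act on; name the controls that justify the lower rating, for example which hosts may reach the CMOD server. While editing this list, "apps that reply on ODWEK" in the second bullet should be "rely on".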
| Line 80: | Line 82: | ||
If you have questions you'd like to see answered, find us on Twitter: https://Twitter.com/CMODwiki | If you have questions you'd like to see answered, find us on Twitter: https://Twitter.com/CMODwiki | ||
Discuss on LinkedIn: https://www.linkedin.com/posts/justinderrick_apache-log4j-cmod-odwek-icn-activity-6875483828106932224-ledY | |||
Discuss on the Content Manager OnDemand User Group Forums: http://www.odusergroup.org/forums/index.php/topic,3221.0.html | |||
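Review bot: the new ODUG forum link uses plain http:// while the Twitter and LinkedIn links beside it use https://. On a page about an actively exploited vulnerability, readers should not be sent to a discussion thread over an unauthenticated connection; switch the link to https:// if the forum serves it, and otherwise say so next to the link.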