Source:FAQ - Security

From SEPsesam
Translate this page
Other languages:

Is SEP Sesam vulnerable to the LOG4J security issue?

Apache Log4j2 (issue CVE-2021-44228) has a remote code execution vulnerability that allows hackers to take control of a system. This means that the vulnerability can be exploited remotely over a network without requiring any authentication (no username and password). How does this affect SEP sesam?

Current research shows that SEP Sesam is not vulnerable to security issue CVE-2021-44228. SEP sesam uses the SLF4J logging library, which means that the Java components shipped with SEP Sesam (Si3, Si3-NG, UI/CLI) do not have direct dependencies for the Log4j module. Consequently, the vulnerable Log4j core module is not shipped with a SEP sesam installation. For more details, see SEP sesam and CVE-2021-44228.

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.
Retrieved from "https://wiki.sep.de/wiki/index.php?title=Source:FAQ_-_Security/en&oldid=259804"