Source:FAQ - Security: Difference between revisions

From SEPsesam
(Marked this version for translation)
m (typo)
Line 1: Line 1:
<noinclude><languages /></noinclude>
<noinclude><languages /></noinclude>


<translate>=== {{anchor|Log4j}}Is SEP Sesam vulnerable to the LG4J security issue? === <!--T:1-->  
<translate>=== {{anchor|Log4j}}Is SEP Sesam vulnerable to the LOG4J security issue? === <!--T:1-->  


<!--T:2-->
<!--T:2-->

Revision as of 18:42, 30 December 2021

Other languages:

Is SEP Sesam vulnerable to the LOG4J security issue?

Apache Log4j2 (issue CVE-2021-44228) has a remote code execution vulnerability that allows hackers to take control of a system. This means that the vulnerability can be exploited remotely over a network without requiring any authentication (no username and password). How does this affect SEP sesam?

Current research shows that SEP Sesam is not vulnerable to security issue CVE-2021-44228. SEP sesam uses the SLF4J logging library, which means that the Java components shipped with SEP Sesam (Si3, Si3-NG, UI/CLI) do not have direct dependencies for the Log4j module. Consequently, the vulnerable Log4j core module is not shipped with a SEP sesam installation. For more details, see SEP sesam and CVE-2021-44228.


Usage

This template is included in the FAQ and other sections describing GUI info.