Source:FAQ - Security: Difference between revisions
(Marked this version for translation) |
m (typo) |
||
Line 1: | Line 1: | ||
<noinclude><languages /></noinclude> | <noinclude><languages /></noinclude> | ||
<translate>=== {{anchor|Log4j}}Is SEP Sesam vulnerable to the | <translate>=== {{anchor|Log4j}}Is SEP Sesam vulnerable to the LOG4J security issue? === <!--T:1--> | ||
<!--T:2--> | <!--T:2--> |
Revision as of 18:42, 30 December 2021
Is SEP Sesam vulnerable to the LOG4J security issue?
Apache Log4j2 (issue CVE-2021-44228) has a remote code execution vulnerability that allows hackers to take control of a system. This means that the vulnerability can be exploited remotely over a network without requiring any authentication (no username and password). How does this affect SEP sesam?
Current research shows that SEP Sesam is not vulnerable to security issue CVE-2021-44228. SEP sesam uses the SLF4J logging library, which means that the Java components shipped with SEP Sesam (Si3, Si3-NG, UI/CLI) do not have direct dependencies for the Log4j module. Consequently, the vulnerable Log4j core module is not shipped with a SEP sesam installation. For more details, see SEP sesam and CVE-2021-44228.
Usage
This template is included in the FAQ and other sections describing GUI info.