Log4j is a globally used logging library for Java applications. It is used to efficiently collect logging data from an application. The CVE-2021-44228 vulnerability in Log4j was recently reported worldwide. It could potentially enable attackers to gain full control of affected servers and execute their own program code on the target system.
Does the SOPAT software use these Java components?
Yes, the SOPAT software uses the critical Log4j libraries in software versions v1.3, in Dashboard versions DB v2.4, and in all DB v2.5.## versions below DB v2.5.49, and is therefore vulnerable to the exploit.
Can I still use the SOPAT software?
This vulnerability is thus also present in the SOPAT software. The current danger depends on the active connection to servers and networks and should be assessed by your IT specialists. Please contact your company’s internal IT.
What is the remedy?
SOPAT has immediately created a new distribution for its software with a hotfix for the Dashboard version DB v2.5.49 using Log4j version 2.16. There will be another hotfix in the first week of 2022, which will include Log4j version 2.17.