Topic Options
#67417 - 12/15/21 12:48 PM LOG4J exploit and SAP Crystal Reports
TomDillon Offline
New Guy

Registered: 08/23/19
Posts: 6
Loc: California, USA
Searching our Adagio server, we find the vulnerable LOG4J java files on the server, apparently installed by SAP Crystal Reports. What can we do to mitigate the risks inherent with this zero day exploitable code. Will we break anything by simply removing all the directories with the LOG4J modules?

What is Softrak doing about this zero day exploit? Have any statements been made, and how to mitigate the risk on Adagio products?

Top
#67418 - 12/15/21 01:00 PM Re: LOG4J exploit and SAP Crystal Reports [Re: TomDillon]
Douglas Dickie Offline
Adagio God

Registered: 06/02/99
Posts: 4414
Loc: Vancouver, BC
Tom:

We have numerous Log4j on our server, not just Crystal reports.

As I understand it, in order to exploit the vulnerability a hacker would need to access your server from the internet using either Web services or Java. Make sure that anything someone can run from your website to access your server is patched.

This doesn't apply to Microsoft's RDP.
_________________________
Douglas Dickie
AccSys Solutions Inc
Phone: 1.888.534.4344
ddickie@accsyssolutions.com

Top


Moderator:  Softrak Support 
Who's Online
1 registered (AudreyQuick), 71 Guests and 1 Spider online.
Key: Admin, Global Mod, Mod
Forum Stats
1865 Members
5 Forums
14471 Topics
70679 Posts

Max Online: 432 @ 01/20/25 10:17 PM
April
Su M Tu W Th F Sa
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30