Last update: 16/12/2021
Status MOA-SPSS log4j Vulnerability
Dear Ladies and gentlemen, From the current point of view, there is no urgent need for action at MOA-SPSS with regard to the log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046. In detail, the problematic component for CVE-2021-44228 is in the logger backend implementation of log4j and thus in the file "log4j-core-xxx.jar", whereby all versions between 2.0.0 and <2.16.0 are affected. This does not affect, for example, the log4j API "log4j-api-xxx.jar", since it only provides the interface but no implementation, or log4j bridges, such as "log4j-to-slf4j-xxx.jar", as this only provides one…
ICT security