Feedback
Did this article resolve your question/issue?

   

Article

Is Corticon vulnerable to CVE-2021-44228 (Apache Log4j)?

« Go Back

Information

 
TitleIs Corticon vulnerable to CVE-2021-44228 (Apache Log4j)?
URL NameIs-Corticon-vulnerable-to-CVE-2021-44228-Apache-Log4j
Article Number000206963
Information

Corticon Web Console versions 5.7 thru 6.2 use Apache log4j version 1.2.17 but are not vulnerable to the attack listed in CVE-2021-44228 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228) with the default configuration.

Customers that modify the Corticon Web Console configuration to use the log4j JMSAppender must update their JVM version to the following builds or later.

Java 8 – 8u192 
Java 11 - 11.0.2

Corticon Studio and Corticon Server versions 5.7 thru 6.1 include but do not use Apache log4j. Corticon.js versions 1.0 thru 1.3 do not use Apache log4j.

Additional Information
For additional information on this vulnerability as it relates to other Progress products, refer to the Progress Security Center: https://www.progress.com/security

References: 
EnvironmentCorticon Web Console versions 5.7 thru 6.2
Last Modified Date12/20/2021 8:10 PM
Attachment 
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.