Feedback
Did this article resolve your question/issue?

   

Article

UPDATED: Is OpenEdge vulnerable to the various 2021 Log4j vulnerabilities?

« Go Back

Information

 
TitleUPDATED: Is OpenEdge vulnerable to the various 2021 Log4j vulnerabilities?
URL NameIs-OpenEdge-vulnerable-to-the-various-2021-Log4J-vulnerabilities
Article Number000207366
Information
The following OpenEdge components are impacted by the 2021 Log4j vulnerabilities and require immediate mitigation or product update:
 
  • 11.7.11 Classic Rest Adapter
  • 11.7.11 “import-export” Utility (configutil)
  • OpenEdge Command Center (OECC) Version 1
NOTE: The OpenEdge Command Center is part of a separate product installer whereas 11.7.11 components are part of the OpenEdge product installation.

Product Updates are available to address the 2021 Log4j vulnerabilities:
 
  • OpenEdge 11.7.12
  • OpenEdge Command Center (OECC) Agent 1.0.1
Other OpenEdge components and versions (Release 12 family) do not use Log4j.2.x.  A scan will show use of a Log4j.1.x version which is not impacted by this vulnerability.

For a more in-depth explanation, product updates and alternative mitigations, please see the following list of KB articles:

Steps to upgrade log4j2 to 2.17.0 jars in OpenEdge 11.7.11
UPDATED: Is OpenEdge vulnerable to CVE-2021-44228 (Log4j)?
Clarifications associated with the CVE-2021-44228 vulnerability on OpenEdge products.
Log4j 1.2.x Mitigations for OpenEdge

 
Additional Information
EnvironmentOpenEdge version 11.7.11, OECC 1.0
Last Modified Date1/7/2022 7:49 PM
Attachment 
Files
Disclaimer The origins of the information on this site may be internal or external to Progress Software Corporation (“Progress”). Progress Software Corporation makes all reasonable efforts to verify this information. However, the information provided is for your information only. Progress Software Corporation makes no explicit or implied claims to the validity of this information.

Any sample code provided on this site is not supported under any Progress support program or service. The sample code is provided on an "AS IS" basis. Progress makes no warranties, express or implied, and disclaims all implied warranties including, without limitation, the implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample code is borne by the user. In no event shall Progress, its employees, or anyone else involved in the creation, production, or delivery of the code be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample code, even if Progress has been advised of the possibility of such damages.