Netflow Analyzer Enterprise 12.5 vulnerability to log4j?

Netflow Analyzer Enterprise 12.5 vulnerability to log4j?

Hi,

I see that Netflow Analyzer Enterprise 12.5 is using log4j 1.x (which is 6 years End of Life so you might want to think about updating?).
According to RedHat this might be suspectible to the same vulnerability as log4j <2.5 if the configuration uses JDNI (ref Redhat: https://access.redhat.com/security/cve/CVE-2021-4104 )

Does Netflow Analyzer use JNDI in log4j and if so, in a way that makes it suspectible to the same vulnerability as we're now seeing on log4j 2.x ?

      New to ADSelfService Plus?

        Resources

                Related Products