Service Desk Plus - Apache Log4j 2

Service Desk Plus - Apache Log4j 2

Hi,

According to the recent "Apache Log4j Security Vulnerabilities",  may I know how to identify the versions of the Log4j.jar. Current file I have is dated 5/5/2020. And please advise how to apply the fix? 

Note: I cannot find the "log4j-core" in directory.

Fixed in Log4j 2.15.0

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints.

Severity: Critical

Base CVSS Score: 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Versions Affected: all log4j-core versions >=2.0-beta9 and <=2.14.1


Thanks

        New to M365 Manager Plus?
        New to M365 Manager Plus?
          New to RecoveryManager Plus?
          New to RecoveryManager Plus?
            New to Exchange Reporter Plus?
            New to Exchange Reporter Plus?
              New to SharePoint Manager Plus?
              New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                        Related Products