
jdf864 asked a question.
Can we get detailed rationale for why the unaffected Snow products are unaffected?
Thank you for all your quick work on this topic!
My vulnerability team - in addition to confirming that our purchased products are not vulnerable to the Dec. 2021 log4j exploit - wants to also collect each vendor's rationale for why they are not vulnerable to the exploit. Example explanations include: product X uses log4j version y.y.y, which is not vulnerable; product X includes a vulnerable version of log4j, but through configuration log4j is disabled.
Can you provide this detail for each of your non-vulnerable products? Thank you again for your time!
Jonathan,
I am happy to say that all of the Snow License Manager products are unaffected by the Log4J exploit, as we do not utilize this within our application. Snow Commander is a completely different product not stemming from Snow License Manager, which is why we announced the problem and resolution. This is covered in https://community.flexera.com/s/article/Vulnerability-in-Log4j-CVE-2021-45105
If you have any additional questions/concerns, feel free to respond or open a support ticket with the Snow team.
Kind Regards,
Gabe Ortiz
Snow Software Inc