Hi Matthias,
I would say no ...
It was for the same function, but for .net and not java
ok, it seems the hack works only with JNDI (java) together with LDAP... but if I see the whole list of affected vendors, nearly everybody has a problem ;-(
The risk would anyway be internally for Snow Software running the update service and not for the customers running the client side SUS app.
/Preben
Unrelated to Snow, but there's been no reports of the same vulnerability being in log4net as well, only log4j (java). If it was log4net, Snow would 100% be the least of your worries since nearly everything uses log4net. :-)
That and I'd be having a *very* bad weekend.
Laim
Hi all, I wanted to share that there has been a new post on the New & Updates group: https://community.flexera.com/s/feed/0D5690000B5879cCQA
Also that we have put together some guidelines and insights about how Snow can help with finding potential installations affected by CVE-2021-44228. As we learn more we will be sure to update and improve the advice we've given here: https://community.flexera.com/s/article/How-Snow-can-help-with-CVE-2021-44228