Axway SecureTransport 5.x - 5.2.1 and 5.3.3 apache log4j
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
We issued SA105537 for this. Essentially, the vendor had a partial conflicting statement there, which caused the confusion and triggered an inquiry to the vendor:
"Known attack vectors mitigated, and no direct vulnerability available. Possible impact exists due to log4j version."
So the vendor said both no direct vulnerability available but then said a possible impact exists.
After our inquiry, the KB was updated to state "Possible impact exists.", which then allowed us to issue SA105537.
Please note, we issued for 5.5 solely as other versions are stated as not being affected.