
Axway SecureTransport 5.x - 5.2.1 and 5.3.3 Apache Log4j

Hi Team,

Are SecureTransport v5.2.1 and 5.3.3 also affected by Apache Log4j? If yes, please release advisories for this.

https://support.axway.com/en/articles/article-details/id/181921/do/search

(2) Replies
raslam
By Level 7 Flexeran

Thanks, Riaz, for reporting this. We have created a ticket with Secunia Research to look into this. We will get back to you ASAP.

raslam
By Level 7 Flexeran


We issued SA105537 for this. Essentially, the vendor had a partially conflicting statement there, which caused the confusion and triggered an inquiry to the vendor:
"Known attack vectors mitigated, and no direct vulnerability available. Possible impact exists due to log4j version."

So the vendor said both that no direct vulnerability is available and then that a possible impact exists.
After our inquiry, the KB was updated to state "Possible impact exists.", which then allowed us to issue SA105537.

Please note, we issued for 5.5 solely as other versions are stated as not being affected.