compared with
Current by Ethan Lively
on Dec 13, 2021 13:59.

Key
This line was removed.
This word was removed. This word was added.
This line was added.

Changes (7)

View Page History
--- *In regards to CVE-2021-44228 : Apache Log4j2 / Log4Shell* --\-
{color:windowtext}The R1Soft team has evaluated the implementation of log4j used in our Server Backup Manager software, and has determined the version in use by the SBM is NOT affected{color} is *NOT* affected by the Log4Shell Apache Log4j2 vulnerability reported in CVE-2021-44228.
{color:windowtext}by the {color}{color:windowtext}Log4Shell {color}{color:windowtext}Apache Log4j2 vulnerability reported in {color}{color:windowtext}CVE-2021-44228.{color}
The log4j version used by the SBM is outside of the affected range of versions. 
{color:windowtext}Risk Assessment :{color} {color:windowtext}{*}{+}Not Vulnerable{+}{*}{color}

{color:windowtext}The log4j version used by the SBM is not included in the range of affected versions. {color}{color:windowtext} {color}

--- *In regards to CVE-2021-4104 : A flaw was found in the Java logging library Apache Log4j in version 1.x* --\-
This CVE is specifically configuring a JNDIAppender with log4j. This is not a configuration used by the Server Backup Manager.
{color:windowtext}Risk Assessment :{color} {color:windowtext}{*}{+}Not :{color} {color:windowtext}{*}{+}Not Vulnerable{+}{*}{color}