Log4J Remote Code Execution vulnerability

On December 10th, NIST published information about a vulnerability affecting Log4J, an extremely popular Java logging utility. CVE-2021-44228 has a CVSS score of 10, the most critical rating. 

Mediawide has conducted an initial review of its internally developed products and determined that only a single application was impacted by CVE-2021-44228 in Apache Log4j.

This application is a Mediawide API that runs as a bundle in Adobe Experience Manager (on-prem). This bundle has been updated so that its Log4j dependency is based on version 2.17.0. This fixes the vulnerability and also addresses two other vulnerabilities, CVE-2021-45105 and CVE-2021-45046. To obtain this updated bundle, please open a support ticket here.

Further information regarding Log4j version 2.17.0 can be found here.

Mediawide can confirm that no other application utilizes the Log4j jar; this includes the Creative Management Platform, the Personalized Video Platform, and the Ad Booking Platform.

If you would like to speak to Mediawide regarding this outcome, please use the Support Desk to open a new ticket, or contact Mediawide through your usual channels.

Team Mediawide