This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HOPEX platform is not affected by Apache LOG4J vulnerability CVE-2021-44228

François
Administrator
Administrator
‎13-12-2021 04:17 PM

HOPEX platform does not incorporate nor make any use of Apache LOG4J and is not concerned by vulnerability CVE-2021-44228.

The full HOPEX source code is submitted every day to an Open Source Security Scanner, explicitly aimed at detecting weak or obsolete open source code, embedded directly or by cascade calls. Last days scans have not raised any alert, confirming that LOG4J is not by any way in the perimeter of HOPEX (out of the box) installation.

 

Note that the Talend component “HopexToSN_Business Process_013.zip” used to exchange data between Hopex and Service Now is using Log4j1.x which is not concerned by the vulnerability

https://logging.apache.org/log4j/2.x/security.html

 

Pre-HOPEX GRC platform (before 2013, no longer supported) did use LOG4J.

As a consequence, old documentation related to GRC platform may mention LOG4J.

Do not mix GRC platform with GRC Solution (now called IRM Solutions) on HOPEX platform.

 

For more information, please consult KB 00009869 

Labels
Contributors
Popular Articles
MEGA International © 1994 - 2024. All rights reserved