Comments (8)
BassieZ
commented on July 17, 2024
1
https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01
At least they are aware. No fix available yet
from log4shell.
maertsen
commented on July 17, 2024
@OS3DrNick we would very much appreciate a PR. Let me know if that causes issues (time or otherwise).
from log4shell.
OS3DrNick
commented on July 17, 2024
i hope its oke: #53
from log4shell.
martijngoorman
commented on July 17, 2024
Also PowerChute Network Shutdown 4.2.0 is vulnerable. Uses 2.2
C:\Program Files\APC\PowerChute\ {group name} \lib
- log4j-api-2.2.jar
- log4j-core-2.2.jar
from log4shell.
OS3DrNick
commented on July 17, 2024
if everything's goes correctly PR is updated with new info.
from log4shell.
maertsen
commented on July 17, 2024
thanks both!
from log4shell.
MoweME
commented on July 17, 2024
On December 17, Apache updated the previously Low Severity CVE-2021-45046, to Critical
severity as the vulnerability now includes the potential for information leakage or remote code
execution, in addition to the previously known risk of denial of service. Apache released Log4j
versions 2.16.0 (for Java 8 or later) and 2.12.2 (for Java 7) to fix both CVE-2021-44228 and
CVE-2021-45046.
Source: https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01
About a week too late to notice the seriousness of the situation.
Is that how they want to talk their way out of this? APC could have thought of it itself....
Anyway, at least there will be an update soon...
from log4shell.
SequoiaDu
commented on July 17, 2024
Mitigation has been published for PCBE and network shutdown: https://www.se.com/ww/en/download/document/SESB-2021-347-01/
from log4shell.
Related Issues (20)
- Add Ucopia
- Idea: create an csv file of software HOT 1
- Add DotCMS
- typo: Akamai Eanterprise Application Access Connector HOT 2
- please uphold the formatting for hunting
- Software list stops at " Riverbed" HOT 1
- What do you think about this regex HOT 2
- Somewhere between #648 and $current, all listings >R have disappeared HOT 3
- Elasticsearch wrong version HOT 2
- Eaton Intelligent Power Protector v1.67 HOT 2
- Quadiant Hybridmail en Automation HOT 2
- FEDEX Ship Manager HOT 5
- 7-Zip doesn't use Java
- Affected Software main page is broken at Lenovo HOT 1
- Add Python Development Environment
- mitel phone systems HOT 1
- Software list is not visible as the file is to big to be shown. HOT 1
- Update voor Dell EMC Unity HOT 5
- Update overview HOT 2
- U
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from log4shell.