S32 Design Studio and the Apache Log4j CVE-2021-45046 vulnerability


A vulnerability in Apache Log4j was identified in the posted articles: CVE-2021-44228 and CVE-2021-45046.

NXP has performed an analysis of this vulnerability with regard to the S32 Design Studio. Our conclusion is that the S32 Design Studio (all versions) is NOT IMPACTED. Although Log4j is used by S32 Design Studio, the version used is 1.x, and the vulnerability was introduced in version 2.12 in combination with Java versions 9/10/11, where LDAP policy is enabled by default (CVE-2021-45046). The S32 Design Studio installation environment is independent and based on Java 8, which is common to all tools running under the S32 Design Studio IDE. In addition, the S32 Design Studio does not use JMSAppender, so it is not affected by the identified Log4j 1.x usage concern (CVE-2021-44228). When we determine that an upgrade of the Log4j and/or Java version is required for a future release of S32 Design Studio, this vulnerability will be addressed.

Please see the attached presentation for details on other tools owned by NXP Automotive Processing Software Tools.
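To check the two conditions in the analysis above (Log4j 1.x rather than 2.x, and no JMSAppender in use) against an installed tool, the following is an added example, not NXP's code. It classifies each jar by the standard Log4j class paths it contains and reports any `log4j.properties` or `log4j.xml` that mentions JMSAppender; the directory layout and file names in `build_sample` are constructed and are not a real S32 Design Studio layout.

```python
import os, tempfile, zipfile

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # log4j-core 2.x
V1_MARKER = "org/apache/log4j/Appender.class"                          # Log4j 1.x
JMS_APPENDER = "org/apache/log4j/net/JMSAppender.class"                # ships in 1.2.x jars
CONFIG_NAMES = {"log4j.properties", "log4j.xml"}

def inspect_jar(path):
    """Classify one jar by the Log4j classes it contains."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
    if JNDI_LOOKUP in names:
        return "log4j2-core-with-JndiLookup"
    if V1_MARKER in names:
        return "log4j1-with-JMSAppender-class" if JMS_APPENDER in names else "log4j1"
    return None

def scan_install(root):
    """Walk an installation tree; return (jar findings, configs mentioning JMSAppender)."""
    jars, configs = {}, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.lower().endswith(".jar"):
                try:
                    kind = inspect_jar(full)
                except (zipfile.BadZipFile, OSError):
                    kind = "unreadable"
                if kind:
                    jars[rel] = kind
            elif name in CONFIG_NAMES:
                with open(full, errors="replace") as fh:
                    if "JMSAppender" in fh.read():
                        configs.append(rel)
    return jars, sorted(configs)

def build_sample(root):
    """Constructed sample tree (hypothetical names, not a real product layout)."""
    os.makedirs(os.path.join(root, "plugins"))
    with zipfile.ZipFile(os.path.join(root, "plugins", "log4j-1.x-sample.jar"), "w") as z:
        z.writestr(V1_MARKER, b"")
        z.writestr(JMS_APPENDER, b"")
    with open(os.path.join(root, "log4j.properties"), "w") as fh:
        fh.write("log4j.rootLogger=INFO, console\n"
                 "log4j.appender.console=org.apache.log4j.ConsoleAppender\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_install(tmp))
```

The JMSAppender class is normally present inside a Log4j 1.2.x jar, so the configuration result is what shows whether it is actually enabled. Jars nested inside other archives are not opened by this scan.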

Last updated: 02-07-2022 01:35 PM