S32 Design Studio and the Apache Log4j CVE-2021-45046 vulnerability

A vulnerability in Apache Log4j has been identified, as described in the published articles for CVE-2021-44228 and CVE-2021-45046.

NXP has performed an analysis of this vulnerability with regard to the S32 Design Studio. Our conclusion is that the S32 Design Studio (all versions) is NOT IMPACTED. Although S32 Design Studio uses Log4j, the version used is 1.x, and the vulnerability was introduced in version 2.12 in combination with Java versions 9/10/11, where the LDAP policy is enabled by default (CVE-2021-45046). The S32 Design Studio installation environment is independent and based on Java 8, which is common to all tools running under the S32 Design Studio IDE. In addition, the S32 Design Studio does not use JMSAppender, so it is not affected by the identified Log4j 1.x usage concern (CVE-2021-44228). When we determine that an upgrade of the Log4j and/or Java version is required for a future release of S32 Design Studio, this vulnerability will be addressed.

Please see the attached presentation for details on other tools owned by NXP Automotive Processing Software Tools.
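To confirm the points above on a local installation (Log4j 1.x rather than 2.x, and no JMSAppender in any Log4j 1.x configuration), the following added example walks an installation tree, including jars nested inside plugin jars. It is not NXP code or part of the original post; the function names and the installation path passed on the command line are assumptions.

```python
import io
import sys
import zipfile
from pathlib import Path

V1_CLASS = "org/apache/log4j/Appender.class"  # a class shipped in Log4j 1.x jars
V2_JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # Log4j 2.x log4j-core
CONFIGS = ("log4j.properties", "log4j.xml")   # Log4j 1.x configuration file names


def scan_jar(fileobj, label, findings):
    """Record Log4j classes and JMSAppender configs in one jar, recursing into nested jars."""
    try:
        zf = zipfile.ZipFile(fileobj)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        for name in zf.namelist():
            if name == V1_CLASS:
                findings["log4j1"].append(label)
            elif name == V2_JNDI:
                findings["log4j2_jndi"].append(label)
            elif name.rsplit("/", 1)[-1] in CONFIGS and b"JMSAppender" in zf.read(name):
                findings["jms_config"].append(f"{label}!{name}")
            elif name.endswith(".jar"):
                scan_jar(io.BytesIO(zf.read(name)), f"{label}!{name}", findings)


def audit(root):
    """Walk an installation tree and return where Log4j and JMSAppender usage was found."""
    findings = {"log4j1": [], "log4j2_jndi": [], "jms_config": []}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix == ".jar":
            with path.open("rb") as fh:
                scan_jar(fh, str(path), findings)
        elif path.name in CONFIGS and b"JMSAppender" in path.read_bytes():
            findings["jms_config"].append(str(path))
    return findings


if __name__ == "__main__":
    # Assumed usage: pass the installation directory as the first argument.
    for kind, hits in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{kind}: {len(hits)}")
        for hit in hits:
            print("   " + hit)
```

An installation matching the analysis above would list jars under log4j1 and nothing under log4j2_jndi or jms_config; the exact Log4j version of each hit should still be read from the jar's manifest.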

Last updated: 02-07-2022 01:35 PM