Log4J 1.x Vulnerability CVE-2021-4104
Issue
A vulnerability was discovered in Apache Log4j 1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability?
CVE-2021-4104
Solution
Unified Workspace does use Log4J 1.2.16.
This vulnerability ONLY affects applications that are specifically configured to use JMSAppender, which is not the default, or deployments where the attacker has write access to the Log4j configuration and can add a JMSAppender pointing to the attacker's JMS broker. With Unified Workspace, JMSAppender is not configured for use, and configuring it would require access to the server or its file system. Therefore Unified Workspace is NOT susceptible to this vulnerability.
Our developers, however, are currently working on upgrading Log4J to the most current release, in the next release of Unified Workspace.
UPDATE:
Log4J has been updated in Unified Workspace version 7.0.1.41.