Log4J 1.x Vulnerability CVE-2021-4104

Log4J 1.x Vulnerability CVE-2021-4104

Issue

A vulnerability was discovered in Apache Log4j1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability?

CVE-2021-4104

Solution

Unified Workspace does use Log4J 1.2.16.

This vulnerability ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JMS Broker.With Unified Workspace, JMSAppender is not configured for use, and the only access to configure it for use, would require access to the server, or it's file system.  Therefore Unified Workspace is NOT susceptible to this vulnerability.

Our developers, however, are currently working on upgrading Log4J to the most current release, in the next release of Unified Workspace.
    • Related Articles

    • Log4J Vulnerability CVE-2021-44228

      Issue A vulnerability was discovered in Apache Log4j2. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-44228 Solution Unified Workspace does use Log4J 1.2.16. We have confirmed ...
    • Pearson SAML webApp requires Identity as of 6.4.x.x

      Issue: The customer has a Pearson SAML webApp. After upgrading to 6.4.x.x, users receive the following error when clicking on the Savvas Learning Company (formerly Pearson K12 Learning) webApp tile: HTTP ERROR 500 Problem accessing ...
    • Enable/Disable Speak To Class OS X

      Problem: How to enable/disable Speak to Class on OS X. Prerequisite(s): LanSchool installation zip file. Solution(s): Locate the LanSchool Media (.zip file downloaded from LanSchool Customer Portal), within you should see a Mac folder. Within you ...
    • How to setup console log to file

      Problem:  Troubleshooting an issue, but it is only happening intermittently.  Real-time logging is not sufficient in these instances, so you can setup logging to file instead.    Prerequisite(s): webNetwork 6.3.0.199 or above Ability to ...
    • How to disable Auto Load of Teacher on OS X

      Problem: How to disable Auto load of the Teacher Client on OS X. Solution(s): To prevent Mac OS X Teacher from auto starting, open a terminal, and type the following: "sudo /Applications/LanSchool/Teacher.app/Contents/MacOS/Teacher /remove" or to get ...
    • Popular Articles

    • Configuring and Troubleshooting Wake on Lan

      This content has moved! Visit the new LanSchool Classic Help Desk It looks like you may be interested in Configuring and Troubleshooting Wake on Lan.
    • Reporting server discovery

      The discovery of the reporting server is done automatically and cannot be configured by the end user.  The reporting server will broadcast on UDP 796 a packet containing the address of the reporting server.    - In a peer to peer environment, the ...
    • Registry Switches for Options

      Problem: What are the registry switches for the Options key? Solution(s): In the registry of the Teacher or Student machine, locate the following registry location and make changes to the key named Options: 32-bit:  HKLM\Software\Lanschool 64-bit:  ...
    • Configuring Enterprise Data Collection on the LCS

      Get even more from your classroom management solution with educator usage data. Determine whether or not LanSchool is effectively incorporated into the classroom on a school- or district-wide scale.  This guide will show you how to enable and ...
    • Creating a shortcut to Open Teacher Console

      Problem: How to create a Teacher Console shortcut on Windows. Cause: N/A Prerequisite(s):  LanSchool Teacher on Windows Solution(s): To create a shortcut and have the console popup in Windows.  To create a shortcut and send the LanSchool Teacher to ...
    • Recent Articles

    • X-Content-Type-Options=nosniff header breaks Public webApp

      Issue Customers have added security headers to their SSL Offloading appliance to meet new security standards.  Now when launching a Public webApp, instead of the application properly launching the browser just displays the HTML code. Solution We've ...
    • Unified Workspace Support for Windows Server 2022

      Issue Is Windows Server 2022 supported by Unified Workspace? Solution We are still in full testing of UW on Windows Server 2022, however we are seeing that UW functions properly on Server 2022. The issue we have with Windows Server 2022 is that our ...
    • Log4J 1.x Vulnerability CVE-2021-4104

      Issue A vulnerability was discovered in Apache Log4j1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-4104 Solution Unified Workspace does use Log4J 1.2.16. This vulnerability ...
    • Log4J Vulnerability CVE-2021-44228

      Issue A vulnerability was discovered in Apache Log4j2. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-44228 Solution Unified Workspace does use Log4J 1.2.16. We have confirmed ...
    • Management Console non-directory credentials

      Question How can I access Unified Workspace if my directory credentials are not working? For example: We are having directory issues and need to configure Unified Workspace to connect to a different Directory Controller. Solution The Management ...