Log4J 1.x Vulnerability CVE-2021-4104
Issue
A vulnerability was discovered in Apache Log4j 1.x. Does this vulnerability affect Unified Workspace? If so, how do we mitigate it?
CVE-2021-4104
Solution
Unified Workspace does use Log4J 1.2.16.
This vulnerability ONLY affects applications which are specifically configured to use JMSAppender, which is not the default, or when the attacker has write access to the Log4j configuration for adding JMSAppender to the attacker's JMS Broker.
With Unified Workspace, JMSAppender is not configured for use, and configuring it would require access to the server or its file system. Therefore Unified Workspace is NOT susceptible to this vulnerability.
Our developers, however, are currently working on upgrading Log4J to the most current release, in the next release of Unified Workspace.
UPDATE:
Log4J has been updated in Unified Workspace version 7.0.1.41.
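To confirm on a given server that no Log4j 1.x configuration defines a JMSAppender (the condition described above), the following added example scans a directory for log4j .properties and .xml files and reports each JMSAppender found and whether a logger references it. It is not Lenovo's or the product's own code; the directory passed to scan() is an assumption, since this page does not give the product's configuration paths, and the sample input is constructed.

```python
import os
import xml.etree.ElementTree as ET

JMS_CLASS = "org.apache.log4j.net.JMSAppender"  # appender class behind CVE-2021-4104
LOGGER_KEYS = ("log4j.rootLogger", "log4j.rootCategory", "log4j.logger.", "log4j.category.")

def jms_in_properties(text):
    """Map each JMSAppender name to True if a logger references it."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):  # skip comment lines
            props[key.strip()] = value.strip()
    names = [k.split(".", 2)[2] for k, v in props.items()
             if k.startswith("log4j.appender.") and v == JMS_CLASS]
    attached = set()
    for k, v in props.items():
        if k.startswith(LOGGER_KEYS):  # value: "[level], appender, appender, ..."
            attached.update(p.strip() for p in v.split(",")[1:])
    return {n: n in attached for n in names}

def jms_in_xml(text):
    """Same check for log4j.xml: <appender class=...> and <appender-ref ref=...>."""
    root = ET.fromstring(text)
    refs = {e.get("ref") for e in root.iter("appender-ref")}
    return {a.get("name"): a.get("name") in refs
            for a in root.iter("appender") if a.get("class") == JMS_CLASS}

def scan(config_dir):
    """Walk config_dir (caller-supplied path) -> {file: {appender: referenced}}."""
    findings = {}
    for folder, _, files in os.walk(config_dir):
        for name in files:
            if not name.endswith((".properties", ".xml")):
                continue
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            try:
                hit = jms_in_xml(text) if name.endswith(".xml") else jms_in_properties(text)
            except ET.ParseError:
                continue  # not well-formed XML, nothing to report
            if hit:
                findings[path] = hit
    return findings

# Constructed sample, not taken from a Unified Workspace installation.
SAMPLE = ("log4j.rootLogger=INFO, console, jms\n"
          "log4j.appender.jms=org.apache.log4j.net.JMSAppender\n"
          "log4j.appender.idle=org.apache.log4j.net.JMSAppender\n")
```

An empty result from scan() means no JMSAppender definition was found under that directory; any entry, referenced or not, is worth reviewing along with who can write to that file.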