Log4J Vulnerability CVE-2021-44228

Log4J Vulnerability CVE-2021-44228

Issue

A vulnerability was discovered in Apache Log4j2. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability?



Solution

Unified Workspace does use Log4J 1.2.16.

We have confirmed that Log4J 1.x does NOT offer a JNDI lookup mechanism at the message level, and therefore is NOT susceptible to this vulnerability.


Our developers, however, are currently working on upgrading Log4J to the most current release, in the next release of Unified Workspace.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...

      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...

      • Related Articles

      • Log4J 1.x Vulnerability CVE-2021-4104

        Issue A vulnerability was discovered in Apache Log4j1.x. Does this vulnerability affect Unified Workspace? If so, how do we go about mitigation of the vulnerability? CVE-2021-4104 Solution Unified Workspace does use Log4J 1.2.16. This vulnerability ...

      • How to setup console log to file

        Problem:  Troubleshooting an issue, but it is only happening intermittently.  Real-time logging is not sufficient in these instances, so you can setup logging to file instead.    Prerequisite(s): webNetwork 6.3.0.199 or above Ability to ...

      • How can I notify a user, when they log in, that their password will expire soon?

        This is a sample profile Login Script that will tell the user when their password expires, each time they log into webNetwork / Unified Workspace.  Once the user reaches the limit where their password will expire in 4 days, the Change Password link ...

      • Google Security Checkup warning about UW access

        Issue Google Security Checkup warns about the user's webStorage access to Google Drive as a possible security vulnerability. This is due to the developer being an Unverified developer.  Unfortunately, Google verifies each application site ...

      • Debug CIFS file nodes

        ** Test with the Net use command ** From the main stoneware server go to a cmd prompt and type : ping server      Where server = the server name that holds the share. Make sure the ip number that comes back is the proper ip number then do a : ping -a ...