ApplicationXtender and Xplore - Log4J Vulnerability
- Taylor Treece (Unlicensed)
Analytics
Please see below communication from OpenText regarding ApplicationXtender and Xplore vulnerability to the Log4J exploit.
OpenText - ApplicationXtender and Xplore
I do know for a fact that ApplicationXtender core components are not affected since we do not use Apache web server and Java in our product suite. As you know, ApplicationXtender is only installed in IIS and using Windows Installers.
xPlore is not affected either because WildFly web server does not use the Log4j 2 either.
xPlore's installer bundled DFC version 20.4, doesn't use the log4j 2.x. it uses 1.x only, that is why in your find command, log4j 2.x didn't present.
Regarding, </opt/xplore/home/wildfly23.0.2/modules/system/layers/base/org/apache/logging/log4j/api/main/log4j-api-2.14.0.jar>
Wildfly bundles the log4j 2.x, but Wildfly bundles log4j api jar "log4j-api-2.14.0.jar" and this jar doesn't have impact. Officially in the twitter Wildfly confirmed the same.
https://twitter.com/WildFlyAS/status/1469362190536818688.”
Further update, the vulnerability doesn’t affect any current version of Xplore FT that works with AX.
Related content
Copyright © CASO Document Management
All product names, logos, brands, and trademarks featured or referred to on this page are the property of their respective trademark holders. These trademark holders are not affiliated with, nor do they sponsor or endorse this website or the products/services offered unless explicitly stated otherwise.