Posted Tue, 14 Dec 2021 00:27:01 GMT by Kelly Burns Kaiser Permanente
On our Automate servers I found log4j-core.jar file which is a security vulnerability.  Will Automate be creating a patch for this and if so, what is the ETA? 
Posted Tue, 14 Dec 2021 00:30:11 GMT by Kelly Burns Kaiser Permanente
And I realize that is under Oracle client however are there are any Log4j files or *.jar files used in Automate?

Also, we may be installing an application called CrowdStrike to help combat a potential vulnerability with these types of files. Will that cause any conflict with Automate?
Posted Tue, 14 Dec 2021 19:08:53 GMT by Kelly Burns Kaiser Permanente
For other customers who might be concerned, I just received this from Automate Support:

Since Automate is not using log4j, therefore it is not impacted by the log4j 2 vulnerability described in the CVE-2021-44228.
As for CrowdStrike impact on Automate, we have not experience with it, so we don't know if it could negatively impact it.

Posted Tue, 14 Dec 2021 19:24:24 GMT by Jack Dawson Sutton Place Limited Director Of It
What about with the HelpSystems Insite software that is used to manage Automate? I have found multiple instances of log4j files under the root installation folder and appears to be using it. Has anyone heard from HelpSystems if there is a patch or mitigation for this product?
Posted Thu, 16 Dec 2021 13:03:38 GMT by Gerry Muyargas Rexall Pharmacy Group Ltd. AS/400 Operations Supervisor

Do you at least have a link that shows a summary of your list of products that are or are not impacted by the CVE-2021-44228?

Posted Wed, 29 Dec 2021 16:57:39 GMT by Michael Snider WORLDPAC

Here's a list for Robot, Powertech, and Sequel products: Apache Log4j Impact On HelpSystems Products

You must be signed in to post in this forum.