The Vulnerability in Apache Log4j-No Impact on RPM

Rapid Personnel Manager

The Vulnerability in Apache Log4j-No Impact on RPM

There is a vulnerability in Apache Log4j version 2.14.1 or below, which was reported on 9 December 2021. The vulnerability doesn’t affect Rapid Personnel Manager.

The vulnerability CVE-2021-44228 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 is making rounds in media. Since we have had a few queries regarding this, we want to address the issue publicly. Molnix reviewed the CVE alert when it was issued. Molnix RPM as well as the Molnix plaftorm as a whole does not use Log4j. As such the services we offer are not affected by CVE-2021-44228. The security review was fairly trivial since we generally do not use software written in Java.

davann@molnix.com