Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.10.0 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

CVE-2021-44228 - Is OCS Inventory affected?

On the 9th of December a Zero-Day Exploit targeting Java Library Log4j has been made public. (CVE-2021-44228). I have not been able to verify 100 percent myself if OCS Inventory is affected or not.
It seems like OCS uses 
liblog-log4perl-perl and not log4j directly. Could you please clarify if OCS is affected?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

in OCS Inventory NG server for Unix by (120 points)

1 Answer

0 votes
Hi,

OCS is not vulnerable to Log4j vulnerability. Most likely most of the applications that use a Log4J port and not Log4j directly are not impacted.

Regards,
Gilles DUBOIS.
by (3.1k points)
 
Powered by Question2Answer
...