Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.12.3 available

The official documentation can be found on https://wiki.ocsinventory-ng.org. Read it before asking your question.

Categories

CVE-2021-44228 - Is OCS Inventory affected?

On the 9th of December a Zero-Day Exploit targeting Java Library Log4j has been made public. (CVE-2021-44228). I have not been able to verify 100 percent myself if OCS Inventory is affected or not.
It seems like OCS uses liblog-log4perl-perl and not log4j directly. Could you please clarify if OCS is affected?

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

in OCS Inventory NG server for Unix by (120 points)
Share on
share on gp share on fb share on tw share on li

1 Answer

0 votes
Hi,

OCS is not vulnerable to Log4j vulnerability. Most likely most of the applications that use a Log4J port and not Log4j directly are not impacted.

Regards,
Gilles DUBOIS.
by (3.1k points)
 
Powered by Question2Answer
...