Descore
Providing Software Solutions to Canadian Resellers

Welcome to Descore Inc.




News Archive

February 10, 2022 - TechCon 2022 Now Virtual
December 14, 2021 - Vulnerability in Apache Log4j Library
June 8th, 2021 - New BASIS Documentation Site
April 20th, 2021 - TechCondensed 2021 and TechCon 2022
April 19th, 2021 - BBx21 Released
September 25th, 2020 - DCP - Past Invoices
October 9th, 2019 - BBx19 Released
April 18th, 2019 - TechCon 2019
January 31st, 2019 - End of free Oracle Java
August 1st, 2018 - New SAM Renewal Policy
July 12th, 2018 - BASIS Releases (V)PRO/5 18.00
July 3rd, 2018 - BASIS Extended Edition
April 24th, 2017 - TechCon 2017 Announced
September 22nd, 2016 - Descore Has Moved
April 27th, 2016 - New BASIS Licensing Paradigm
January 14th, 2016 - Montreal TechCondensed
March 19th, 2015 - Reset, Revision Upgrade, or Re-registration?
January 28th, 2015 - Descore Winter/Spring Holidays

News

December 14, 2021

Vulnerability in Apache Log4j Library

Overview
Information below is a copy of a BASIS Knowledge Base article

The CVE-2021-44228 Log4j2 vulnerability is described by InfoWorld as follows:

The problem revolves around a bug in the Log4j library that can allow an attacker to execute arbitrary code on a system that is using Log4j to write out log messages. This security vulnerability has a broad impact and is something anyone with an application containing Log4j needs to immediately pay attention to.

BBj Vulnerability: Minimal

There is no exposure for BBj revisions 17.13 and above.

A vulnerable version of the log4j library (log4j-api-2.8.1.jar) was distributed with BBj revisions 17.10 through 17.12. However, the “Console Logging” BBj feature that used this library was not enabled by default, and instructions to do so were never published.

Unless you received explicit instructions from BASIS on how to implement this feature in BBj 17.x, it is very unlikely to be a vulnerability in your deployment.

The final revision of the BBj 17.x series, BBj 17.13, did not include this library.

Resolution:

For BBj revisions 17.10, 17.11, and 17.12, upgrade to BBj 17.13 or higher. If you are unable to upgrade, then you can add this property to the /cfg/BBj.properties file to ensure Console Logging via the log4j library is disabled:
-Dlog4j2.formatMsgNoLookups=true

For BBj revisions prior to BBj 17.10 or later than BBj 17.12, no action is required.

(V)PRO/5 Vulnerability: None
(V)PRO/5 uses no Java libraries.

Standalone PRO/5 Data Server: None
The standalone PRO/5 Data Server uses no Java libraries.

BASIS License Manager (BLM) Vulnerability: None
The BLM uses no Java libraries


Please help us keep our records current!  Fill in this quick contact information questionnaire.
Click here for the Descore Customer Portal.
Click here for the Data2CSV website.
Click here for a signature capture demo using BUI and Unform.
Any Questions or Comments about this website can be emailed to our Webmaster: info@descore.com
Follow Descore on Twitter!

This website is best viewed at a minimum 800x600 resolution (1024x768 or higher is recommended).
This website requires JavaScript to be enabled in your browser. If you do not wish to use java-script, please access the pages in our website via the Site Map link on our menu.

COPYRIGHT © DESCORE INC., 2005
Bottom Logo