[CSN-5774] Merge CSN-5761 - Resolve CVE-2021-44228 Log4J vulnerability - Jira

XML

Word

Printable

Details

Type: Story
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: chat 3.18.1
Component/s: CCM, communication server, MRE
Labels:
None

Account:
Software (SOFTWARE)
Sprint:
Sprint# 62 (Dec 6 - 17)

Description

Issue

CVE-2021-44228 is identified in Hybrid Chat components and other Java-based components. The vulnerability is identified in the following components

CCM
Communication Server
Routing Engine

Business Impact

Customer Channel Manager in Hybrid Chat is vulnerable due to CVE-2021-44228. The Customer Channel Manager (CCM) is responsible for handling communication with all channels except WebChat. This vulnerability may impact all customer channels except WebChat.

Implementation

This vulnerability is caused by Log4J2 in versions older than 2.15.0. It is recommended to update the Log4J2 library to at least ≥ 2.16.0 which resolves the following two vulnerabilities:

CVE-2021-44228 - Critical
CVE-2021-45056 - Low

Attachments

Activity

People

Assignee:: Awais Aslam

Reporter:: Awais Aslam

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Dec/21 5:04 PM

Updated:: 28/Feb/22 11:20 PM

Resolved:: 16/Dec/21 5:11 PM