Vulnerability related with file log4j.jar | Community
Level 2
August 23, 2023
Solved

Vulnerability related with file log4j.jar


Hello,

We have installed Adobe Campaign Classic V7 and our security department has detected a vulnerability related to this installation. An obsolete version of log4j was detected on the Adobe Campaign servers; this component is installed in a subfolder of the Adobe installation:

 

  • E:\Program Files\Adobe\Adobe Campaign Classic v7\java\lib\log4j-1.2.11.jar

Does anybody know if we can fix this vulnerability by replacing the jar file with a newer version of "log4j"? 

The case is that we can't upgrade the version of Adobe Campaign Classic easily and we need to fix this issue urgently.

 

Thank you very much!!

 

 


1 reply

DavidKangni
Community Advisor
Accepted solution
August 23, 2023

Hi @robertocervantes ,

 

The vulnerability is fixed in the latest build. I would recommend upgrading your build.

If it's not possible ASAP, you can check the following URL for a workaround.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-campaign-classic-questions/log4j-for-adobe-campaign/td-p/434297

 

Thanks,

David

David Kangni
Level 2
August 24, 2023

Ok understood. Thank you very much @davidkangni 

Level 2
August 29, 2023

@davidkangni, due to the lack of time and the prioritisation of our security department, we are going to perform a test in the development environment by replacing the "log4j-1.2.11.jar" file with the latest version, "log4j-2.20.0.jar", inside the "\java\lib" folder.


I have seen that it will also be necessary to modify the configuration file "serverConf.xml" adding the path of the new version.

Can you think of any inconvenience or any other action to do to make everything work correctly? Could this change have any negative impact on future updates of the application?

 

Thank you very much for your time!