SOLVED

Vulnerability related with file log4j.jar

Hello,

We have installed Adobe Campaign Classic V7, and our security department has detected a vulnerability related to this installation. An obsolete version of log4j was detected on the Adobe Campaign servers; this component is installed in a subfolder of the Adobe installation:

 

  • E:\Program Files\Adobe\Adobe Campaign Classic v7\java\lib\log4j-1.2.11.jar

Does anybody know if we can fix this vulnerability by replacing the jar file with a newer version of "log4j"? 

The case is that we can't upgrade the version of Adobe Campaign Classic easily and we need to fix this issue urgently.

 

Thank you very much!!

 

 

1 Accepted Solution

Correct answer by
Community Advisor

Hi @RobertoCervantes ,

 

The vulnerability is fixed in the latest build. I would recommend upgrading your build.

If it's not possible ASAP, you can check the following URL for a workaround.

 

https://experienceleaguecommunities.adobe.com/t5/adobe-campaign-classic-questions/log4j-for-adobe-ca...

 

Thanks,

David



David Kangni

3 Replies

@DavidKangni, due to lack of time and the prioritisation of our security department, we are going to perform a test in the development environment by replacing the "log4j-1.2.11.jar" file with the latest version, "log4j-2.20.0.jar", inside the "\java\lib" folder.

I have seen that it will also be necessary to modify the configuration file "serverConf.xml", adding the path of the new version.

Can you think of any inconvenience or any other action to do to make everything work correctly? Could this change have any negative impact on future updates of the application?

 

Thank you very much for your time!
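
Added example, not part of the original thread and not Adobe's code: Log4j 1.x classes live under `org.apache.log4j` while Log4j 2.x uses `org.apache.logging.log4j`, so before swapping a jar in a test environment it helps to check which API each jar actually contains. The function names and the in-memory sample jars are constructed for illustration, and the manifest version is read only when present.

```python
import io
import zipfile
from pathlib import Path

V1_LOGGER = "org/apache/log4j/Logger.class"   # Log4j 1.x API class
V2_ROOT = "org/apache/logging/log4j/"         # Log4j 2.x package root


def inspect_jar(jar):
    """Report which Log4j API a jar (path or file object) actually ships."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        version = None
        if "META-INF/MANIFEST.MF" in names:
            text = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            for line in text.splitlines():
                if line.startswith("Implementation-Version:"):
                    version = line.split(":", 1)[1].strip()
                    break
    return {
        "v1_api": V1_LOGGER in names,
        "v2_classes": any(n.startswith(V2_ROOT) for n in names),
        "manifest_version": version,  # None when the manifest omits it
    }


def scan(root):
    """Inspect every *log4j*.jar below root, e.g. the product's java\\lib."""
    return {p.name: inspect_jar(p) for p in sorted(Path(root).rglob("*log4j*.jar"))}


def make_sample_jar(entries, version):
    """Build a constructed, in-memory jar with empty class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
        for name in entries:
            zf.writestr(name, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    old = make_sample_jar([V1_LOGGER], "1.2.11")
    new = make_sample_jar([V2_ROOT + "core/Logger.class"], "2.20.0")
    for label, jar in (("1.x-style", old), ("2.x-style", new)):
        info = inspect_jar(jar)
        verdict = "keeps" if info["v1_api"] else "does NOT keep"
        print(f"{label}: {info} -> {verdict} the org.apache.log4j API")
```

A jar that reports `v1_api` as false cannot satisfy code compiled against `org.apache.log4j`, whatever its file name says.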