Problem


CVE-2021-44228 defines a vulnerability in Apache's Log4j utility, versions 2.0 - 2.14.1, that could allow for unauthenticated remote code execution.

 

Impact on Exterro Products


None of the Exterro’s forensic product line is impacted by Log4J since none of our products are Java based except PRTK/DNA, KFF and Collab. However all three of those use JAVA/SL4J with logback (logging) back end. Due to this configuration, our customers shall not be impacted.

Note: log4j jar It will not impact until it’s explicitly configured. Default configuration is "Logback”.