
Jive HOP 9.4 and Log4j Vulnerabilities Disclosed in January 2022

Overview

On January 18, 2022, Apache disclosed details of three critical vulnerabilities impacting Log4j 1.2. 

You want to know if Jive Hosted/On-Premise v9.4.0.0 is affected by these vulnerabilities.

 

The new vulnerabilities are: 

  • CVE-2022-23302: a remote authenticated attacker could exploit it to launch a JNDI request that could lead to remote code execution, 
  • CVE-2022-23305: a remote attacker could exploit it via queries containing specially-crafted SQL attributes in order to access or alter database information, 
  • CVE-2022-23307: a remote attacker could exploit it via specially crafted requests to execute arbitrary code.

<supportagent>

Related JIRA: https://trilogy-eng.atlassian.net/browse/JVHOPST-72401

</supportagent>

 

Information

Jive 9.4 is not affected by CVE-2022-23302, CVE-2022-23305, or CVE-2022-23307.

However, if you want to upgrade to a version of Jive HOP that is built using Log4j 2.17, v9.9.1 will shortly be available to deploy. Jive 9.9.1 is not yet released (as of 4 April 2022). You can keep an eye out for a release on Worx.

  1. Priyanka Bhotika
