X-Junk-Score: 0 [] X-KAS-Score: 0 [] From: "Fred. Zwarts F.Zwarts@KVI.nl" Received: from [129.125.27.62] (HELO kvi.nl) by list.communigate.ru (CommuniGate Pro SMTP 6.3.9f) with ESMTPS id 60116818 for CGatePro@list.communigate.ru; Mon, 13 Dec 2021 13:24:00 +0300 Received-SPF: pass receiver=mail.communigate.ru; client-ip=129.125.27.62; envelope-from=F.Zwarts@KVI.nl DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=kvi.nl; s=mail; bh=b9krrAi2G/Wf3JkMOtIFRM5tZ8BM+tiswwTg5OUDEf4=; h=Content-Transfer-Encoding:Content-Type:Subject:From:To:Content-Language: MIME-Version:Date:Message-ID; b=is3C0vNoc8hed5A2rTPSpc0cHDq/g2/YX+z4UlSWtcJOe NHXKZT2f+hDB5f2JUk38G1jdCRaPKzPfA5F89F8DdGnS3eDmQYC7NyxaE2utG6TldVWvXR99vt9pv x2wX4+jeINVhBUBZjG3BdQFA8SttKsGYPlD5nMjkJR8MdqszQ= Received: from [2a02:a461:3e7a:1:8d5d:a8aa:4245:666a] (account zwarts@kvi.nl HELO [IPV6:2a02:a461:3e7a:1:8d5d:a8aa:4245:666a]) by kvi.nl (CommuniGate Pro SMTP 6.3.4) with ESMTPSA id 28425498 for CGatePro@list.communigate.ru; Mon, 13 Dec 2021 11:23:38 +0100 Message-ID: <7289efd9-dbd3-baac-1e81-d4a62dbbd4b6@KVI.nl> Date: Mon, 13 Dec 2021 11:23:36 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Content-Language: en-GB To: CGatePro@list.communigate.ru Subject: log4j Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit The last few days there is a lot of noise about the log4j vulnerability. Most of the messages are about Apache, but https://github.com/NCSC-NL/log4shell lists a lot of other software. CommuniGate Pro is not in this list, but I found the following file on our system, apparently from the CommuniGate Pro installation: > /opt/CommuniGate/WebSkins/Samoware/log4javascript.js My question is whether this indicates a vulnerability of our system? If so, are there instructions to fix the problem and also CommuniGate Pro should be added to the NCSC list. Best regards, Fred.Zwarts.