Jump to content
Claris Engage 2025 - March 25-26 Austin Texas ×

This topic is 1071 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Posted (edited)

Since 360Works is about 100% Java, I would think that some or all of the products are affected by the Log4j monster-critical vulnerability that came out today, being tracked as CVE-2021-44228, and detailed here by WIRED.

Will you be publishing an official notice on it, if/how it does or doesn't affects 360Works products, and if so, how to mitigate the vulnerability until it gets patched?

Thanks!

 

security-5043368.jpg

Edited by JohnDCCIU
Posted

Hi JohnDCCIU,

The vulnerability in question required java to be connected to an LDAP server as well as using a compromised version of Log4J, which is not possible with any of our plugins or web apps. Additionally, we did identify that only the Plastic plugin was using a compromised version of Log4J, and we updated this to remove the vulnerability and published a new version to our store.

Please let us know if you have any questions!

  • Like 1
  • Newbies
Posted

Hi, are older versions of your products also safe from the log4j vulnerability? I have a FM server 16 using an old version 1.82 of RemoteScripter.

  • Newbies
Posted

FYI, Claris has significantly expanded their response at https://support.claris.com/s/answerview?anum=000035819&language=en_US and provided more information on older versions.

If you want a more in-depth analysis, I've been collating all the community findings I'm aware of, along with our research, in a blog post on fixing the Log4j exploit on FileMaker Server.

FileMaker Server 16 is not vulnerable to these two newest Log4j (2.x) exploits, so you probably won't be compromised by the majority of botnet activity going on right now.  However, FMS 16 does use an older Log4j (v1.2.15) that is no longer maintained and has active Remote Code Execution vulnerabilities of its own. You should *definitely* check out the mitigation steps in our blog post and prioritize upgrading to FileMaker Server 19.

This topic is 1071 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.