Back to QMetry All Products Help Page

Skip to end of banner Go to start of banner

QMetry Security Advisory - Log4j - CVE-2021-44228

Skip to end of metadata

Created by Reshma Padkil, last modified on Dec 16, 2021

Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Note: This page contains information for QMetry Test Management for Jira Cloud, Server and Datacenter users.

What is the issue?

On December 9^th, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe.

Is the QTM4J app affected by the issue?

QMetry Test Management - Server and Datacenter - No

The QMetry for Jira Server or Data Center apps are not impacted by this vulnerability.

QMetry Test Management - Cloud - Yes

Log4j2 is one of the most popular logging libraries used in Java applications. QMetry also uses the Log4j2 library in the QMetry Test Management for the Jira Cloud app. QTM4J Cloud application is hence impacted by this vulnerability.

How is QMetry addressing the issue?

For QMetry Test Management - Cloud/SaaS Customers

This vulnerability has been mitigated for all the QTM4J cloud instances on Dec 16^th, 8:30 pm PST. QMetry cloud customers are not vulnerable anymore, and no action is required.

References

https://logging.apache.org/log4j/2.x/security.html

Please contact QMetry Support for more information at qmetryforjira@qmetrysupport.atlassian.net.

No labels

Back to QMetry All Products Help Page