Note: This page contains information for QTM4J app - Cloud, Server, and Datacenter users.
What is the issue?
On December 9th, a 0-day exploit in the popular Java logging library
log4j2was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe. Reference - https://logging.apache.org/log4j/2.x/security.html
Are the QTM4J apps affected by the issue?
Log4j is one of the most popular logging libraries used in Java applications. QTM4J cloud app also uses this library and was impacted by this vulnerability. This vulnerability has been mitigated for all the QTM4J cloud instances on Dec 15th, 9:00 pm PST. QTM4J cloud customers are not vulnerable anymore, and no action is required.
The QTM4J Server and Data Center apps are not impacted by this vulnerability and hence no action is required.
Please contact QMetry Support for more information at qtmfj@qmetrysupport.atlassian.net.