Note: This page contains information for QTM4J app - Cloud, Server, and Datacenter users.
What is the issue?
On December 9th, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe. Reference - https://logging.apache.org/log4j/2.x/security.html
Are the QTM4J apps affected by the issue?
Log4j is one of the most popular logging libraries used in Java applications. QTM4J cloud app also uses this library and was impacted by this vulnerability. This vulnerability has been mitigated for all the QTM4J cloud instances. QTM4J cloud customers are not vulnerable anymore, and no action is required.