QMetry Security Advisory - Log4j Vulnerability

Note: This page contains information for QTM4J app - Cloud, Server, and Datacenter users.

What is the issue?

  • On December 9th, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe. Reference - https://logging.apache.org/log4j/2.x/security.html

Are the QTM4J apps affected by the issue?

  • Log4j is one of the most popular logging libraries used in Java applications. QTM4J cloud app also uses this library and was impacted by this vulnerability. This vulnerability has been mitigated for all the QTM4J cloud instances. QTM4J cloud customers are not vulnerable anymore, and no action is required.

Log4j Vulnerability

Mitigation Date

Released QTM4J Cloud version

Log4j Vulnerability

Mitigation Date

Released QTM4J Cloud version

Dec 15th, 9:00 pm PST

Dec 21st, 3:00 am PST

Dec 21st, 3:00 am PST

  • The QTM4J Server and Data Center apps are not impacted by this vulnerability and hence no action is required.

 

Please contact QMetry Support for more information at qmetryforjira@qmetrysupport.atlassian.net.