Back to QMetry All Products Help Page
QMetry Security Advisory - Log4j - CVE-2021-44228
Note: This page contains information for QTM4J app - Cloud, Server, and Datacenter users.
What is the issue?
On December 9th, a 0-day exploit in the popular Java logging library
log4j2
was discovered that results in Remote Code Execution (RCE) by logging a certain string. As per the CVE standard, it has been ranked with a score of 10.0 (highest). Hence the impact of this vulnerability is considered severe. Reference - https://logging.apache.org/log4j/2.x/security.html
Are the QTM4J apps affected by the issue?
Log4j is one of the most popular logging libraries used in Java applications. QTM4J cloud app also uses this library and was impacted by this vulnerability. This vulnerability has been mitigated for all the QTM4J cloud instances. QTM4J cloud customers are not vulnerable anymore, and no action is required.
Log4j Vulnerability | Mitigation Date |
---|---|
CVE-2021-44228 | Dec 15th, 9:00 pm PST |
CVE-2021-45046 | Dec 21st, 3:00 am PST |
CVE-2021-45105 | Dec 21st, 3:00 am PST |
The QTM4J Server and Data Center apps are not impacted by this vulnerability and hence no action is required.
Please contact QMetry Support for more information at qtmfj@qmetrysupport.atlassian.net.
Back to QMetry All Products Help Page