Jiwa

The Jiwa community forums

Skip to content

log4j  Topic is solved

Find general Jiwa support here.
Post a reply

log4j

Postby pricerc » Tue Jan 04, 2022 4:37 pm

Can we get an 'official' line on whether there is anything a Jiwa customer needs to be concerned about regarding log4j, considering Crystal is conceivably affected by it?
/Ryan

ERP Consultant,
Advanced ERP Limited, NZ
https://aerp.co.nz
User avatar
pricerc
Senpai
Senpai
 
Posts: 504
Joined: Mon Aug 10, 2009 12:22 pm
Location: Auckland, NZ
Topics Solved: 20
Top

Re: log4j  Topic is solved

Postby Mike.Sheen » Tue Jan 04, 2022 5:58 pm

Not impacted or exposed.

The Crystal Reports components we deploy use on log4javascript, not log4j.

Even if Crystal Reports was using Log4j - I'm having trouble dreaming up a situation where that could be exploited... perhaps if they were using our REST API and exposing it to the outside world and had exposed some routes to generate crystal reports...
Mike Sheen
Chief Software Engineer
Jiwa Financials

If I do answer your question to your satisfaction, please mark it as the post solving the topic so others with the same issue can readily identify the solution
User avatar
Mike.Sheen
Overflow Error
Overflow Error
 
Posts: 2444
Joined: Tue Feb 12, 2008 11:12 am
Location: Perth, Republic of Western Australia
Topics Solved: 756
Top

Re: log4j

Postby pricerc » Wed Jan 05, 2022 8:45 am

Thanks Mike.

That's what I suspected.

I also figured that when it comes to an attack on Jiwa, you first need access to the system. And have admin rights to modify reports (which I assume would be needed to fire up Crystal). And have the smarts to craft the exploit on top of that.
/Ryan

ERP Consultant,
Advanced ERP Limited, NZ
https://aerp.co.nz
User avatar
pricerc
Senpai
Senpai
 
Posts: 504
Joined: Mon Aug 10, 2009 12:22 pm
Location: Auckland, NZ
Topics Solved: 20
Top
Post a reply

Return to Core Product Support

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group