log4j

Posted: Tue Jan 04, 2022 4:37 pm
by pricerc
Can we get an 'official' line on whether there is anything a Jiwa customer needs to be concerned about regarding log4j, considering Crystal is conceivably affected by it?

Re: log4j  Topic is solved

Posted: Tue Jan 04, 2022 5:58 pm
by Mike.Sheen
Not impacted or exposed.

The Crystal Reports components we deploy use log4javascript, not log4j.

Even if Crystal Reports was using Log4j - I'm having trouble dreaming up a situation where that could be exploited... perhaps if they were using our REST API and exposing it to the outside world and had exposed some routes to generate crystal reports...

Re: log4j

Posted: Wed Jan 05, 2022 8:45 am
by pricerc
Thanks Mike.

That's what I suspected.

I also figured that when it comes to an attack on Jiwa, you first need access to the system. And have admin rights to modify reports (which I assume would be needed to fire up Crystal). And have the smarts to craft the exploit on top of that.