Skip to main content
K
Kelly5FF3
Participant
December 13, 2021
Question

is Adobe online services affected by log4j?

  • December 13, 2021
  • 5 replies
  • 5943 views

Hi, 

 

I'm trying to understand the affect this could have as adobe offers many of us online services. Is the vulnerability of log4j versions 2.0 to 2.14.1 affecting Adobe and have they been patched?

Please and thank you. 

This topic has been closed for replies.

5 replies

P
Adobe Employee
Peliroja2019
Adobe Employee
December 18, 2021

Latest advisory for CVE-2021-44228 is here: https://helpx.adobe.com/security/products/log4j.html

Q
Quoc22249880u0vs
Participant
December 14, 2021

Anyone found any official release statement from Adobe concerning the Log4j 2 CVE-2021-44228?  Appreciate Markus Jasker putting out his comment but as he stated, he's not the offical spokemans.

Other major vendors that has an impact from Log4j has documents that can be reference but nothing I can find for Adobe other than this discussion.

P
Adobe Employee
Peliroja2019
Adobe Employee
December 15, 2021

Please see: https://helpx.adobe.com/security/products/log4j-2-advisory.html

W
WenDop
Participant
December 14, 2021

This is the answer I got this morning

 

Adobe is aware of this Apache log4j library vulnerability.
This library is widely used in many applications and services across the industry, including Adobe.
Data is impacted and the investigation is going on.

Adobe is investigating potential impact and is taking action including updating affected systems to the latest versions of Apache log4j recommended by the Apache Software Foundation.

Adobe is reaching out to our vendors to determine potential impact now.

There is nothing additional you need to do for your Adobe applications at this time.
If you are a user of Apache log4j in your own environment, we recommend updating to the latest versions available from the Apache Software Foundation.

Markus Jasker
Adobe Employee
Markus Jasker
Adobe Employee
December 14, 2021

@WenDop 

it is not correct what you wrote! Please correct! Thank you.
The sentence "Data is impacted and the investigation is going on." is untrue and has for sure not been part of any communication you received from Adobe.
Actual Adobe says this:
The investigation is ongoing but, to date, Adobe has discovered no indication to suggest customer data has been impacted as a result of this issue.

    CYETabak
    CYETabak
    Participant
    December 14, 2021

    @Markus Jasker This is communication we did actually receive this morning through Customer Service. I copied this one-on-one from a conversation I had with one of the Customer Service employees. So even though the statement might have been wrong, the excerpt posted by @WenDop is and was a direct quote from one of the customer service representatives. I could even give you the casenumber which this was logged under should you want to look into that even further.

     

    That said I appreciate the response and I am glad there's no indication of any data being impacted.

      Bernd Alheit
      Community Expert
      Bernd AlheitCommunity Expert
      Community Expert
      December 14, 2021

      You should ask Adobe.

      W
      WenDop
      Participant
      December 14, 2021

      For our organisation I would like to know that to.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices