Is Adobe Sign affected by the Apache Log4j vulnerability?

Question

We have a cloud based application that utilizes Adobe Sign for digital signatures. Is Adobe Sign affected by the Apache Log4j vulnerability in any way? Does Adobe Sign use Apache? Thanks, Carlo

Meenakshi Negi · Accepted Answer

Hello,

Hope you are doing well and thank you for reaching out.

Please refer to the information provided on the following help document: https://helpx.adobe.com/security/products/log4j-2-advisory.html.

Hope the information helps.

Thanks,

Meenakshi

MarketingHD · Answer

Hey,

This is what I got from support -

I understand you want to know about the log4j vulnerability which is on going. I would like to inform you that Adobe is aware of this Apache log4j library vulnerability. This library is widely used in many applications and services across the industry, including Adobe.
The investigation is ongoing but, to date, Adobe has discovered no indication to suggest customer data has been impacted as a result of this issue.
Adobe is investigating the potential impact and is taking action including updating affected systems to the latest versions of Apache log4j recommended by the Apache Software Foundation.

However, Adobe Sign is patched . “Patched” means the product/service uses the Apache log4j library but has been updated to the latest version that is not vulnerable.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded