LOG4J ColdFusion 2018 mitigation vulnerability

Question

We've applied the Log4js mitigations outlied in https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html and when Update 13 for Coldfusion 13 was available we applied it. I'm now getting warning of a vulnerability for log4j core 2.9.0 installed vi a the mitigation and advised to upgrade to 2.15 or later. Any guidance on either backing out or or upgrading the mitigaation installed via https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html to prevent the new vulnerabilities?

BKBK · Answer

@richardm66198703 , Why begin a new thread when there is already a Log4J thread on this very subject:

https://community.adobe.com/t5/coldfusion-discussions/zero-day-exploit-affecting-the-popular-apache-log4j-utility-cve-2021-44228/td-p/12585377

If I were you, I would move my question there.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded