Participant

Answered

Log4j vulnerability and Adobe CC

Forum|Forum|4 years ago
December 14, 2021
10 replies
10289 views

Hi,

Regarding the vulnerability CVE-2021-44228, I would like to know if the Adobe CC desktop app or any of the apps that can be installed with it make use of the vulnerable Log4j package.
If so, what steps do you recommend for mitigation?
Thank you very much for your help.

Collaboration

This topic has been closed for replies.

Correct answer Jeffrey_A_Wright

Thank you, everyone, for your interest and concern regarding the recently discovered Log4j vulnerability. For information on security issues related to the Apache Log4j 2 library and how it affects Adobe software and services, please bookmark and review https://helpx.adobe.com/security/products/log4j-2-advisory.html.

This is a developing situation, so please follow the guidance at the bottom and contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen for any questions you may have.

Update https://helpx.adobe.com/security/products/log4j.html

E

eh22435856akz6

Participant

Photoshop CS5.5 (v12.1) desktop version appears to use log4j in the service manager components. Will there be a patch for this older version ?

P

Peliroja2019

Adobe Employee

For older versions, please reach out to your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM) or Adobe Customer Care: https://helpx.adobe.com/contact.html

B

Badr Eddine22358867vu18

Participant

Please, can you confirm if Adobe Creative Cloud are affected by the LOG4SHELL vulnerability (CVE-2021-44228) ?

P

Peliroja2019

Adobe Employee

Please see: https://helpx.adobe.com/security/products/log4j.html

P

Peliroja2019

Adobe Employee

Latest advisory for CVE-2021-44228 is here: https://helpx.adobe.com/security/products/log4j.html

John Waller

Community Expert

Deleted.

I

itm79008047

Participant

+1 "What is Adobe's assessment of the Log4j security vulnerability as applied to Acrobat Pro DC, Adobe Captivate, Creative Cloud All Apps, Illustrator, Photoshop"

The only answer I get from Support chat is a non-answer. "That information has not been shared with us"

D

DineshBabu Sekar

Participant

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j? If so what steps need to be taken to fix these?

Looking for if there are patches and assistance.

L

Lumigraphics

Legend

So far, Adobe wants you to contact support directly instead of just posting a list of software.

Jeffrey_A_Wright

Community Manager

Lumigraphics is correct; please bookmark https://helpx.adobe.com/security/products/log4j-2-advisory.html to be kept up to date regarding the Log4j vulnerability.

If you have additional questions that https://helpx.adobe.com/security/products/log4j-2-advisory.html does not currently answer, please follow the guidance at the bottom of the document and contact us directly.

Jeffrey_A_Wright

Correct answer

Community Manager

Thank you, everyone, for your interest and concern regarding the recently discovered Log4j vulnerability. For information on security issues related to the Apache Log4j 2 library and how it affects Adobe software and services, please bookmark and review https://helpx.adobe.com/security/products/log4j-2-advisory.html.

This is a developing situation, so please follow the guidance at the bottom and contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen for any questions you may have.

Update https://helpx.adobe.com/security/products/log4j.html

L

Lumigraphics

Legend

The question of the day is what non-server applications are affected if any. I suspect none but it would be nice to know for sure.

Jeffrey_A_Wright

Community Manager

Which is exactly the type of question you should contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen so that any specific questions can be addressed, Lumigraphics.

L

Lumigraphics

Legend

As far as everyone is aware, no Adobe desktop applications are affected and likely no desktop apps from other vendors. This is an issue with a Java logging app typically run on servers, so many if not most service providers online will be affected.

Regular users are most at risk of having your personal data stolen or services taken offline.

jamesm9942588

Participant

Any word on the cloud services provided by adobe?

stevelyver

Participant

We are looking for information regarding an Adobe response to the CVE-2021-44228 vunerability as well. Please advise.

K

Karim5F8A

Participant

Good day

Since there is no information posted on Adobe security center for this: https://helpx.adobe.com/security/Home.html

For CVE-2021-44228 - log4j vulnerability - does anyone know which products are affected; any fix ETA or in the interim workaround or suggestion to mitigate the risk? specifically is adobe acrobat or acrobat DC affected?

thank you

D

DineshBabu Sekar

Participant

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j? If so what steps need to be taken to fix these?

Do we have any updates on the patches, looking for assistance.

Thanks.

M

Marc22244064wdnb

Participant

+1

I'm also looking for more information this for Desktop cilents

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded