Participant
December 14, 2021
Answered

Log4j vulnerability and Adobe CC


Hi,

Regarding the vulnerability CVE-2021-44228, I would like to know if the Adobe CC desktop app or any of the apps that can be installed with it make use of the vulnerable Log4j package.
If so, what steps do you recommend for mitigation?
Thank you very much for your help.

Participant
December 29, 2021

Photoshop CS5.5 (v12.1) desktop version appears to use log4j in the service manager components. Will there be a patch for this older version?

Adobe Employee
December 29, 2021

For older versions, please reach out to your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM) or Adobe Customer Care: https://helpx.adobe.com/contact.html 

Participant
December 23, 2021

Please, can you confirm if Adobe Creative Cloud is affected by the LOG4SHELL vulnerability (CVE-2021-44228)?

Adobe Employee
December 23, 2021
Adobe Employee
December 18, 2021

Latest advisory for CVE-2021-44228 is here: https://helpx.adobe.com/security/products/log4j.html

John Waller
Community Expert
December 18, 2021

Deleted.

Participant
December 17, 2021

+1 "What is Adobe's assessment of the Log4j security vulnerability as applied to Acrobat Pro DC, Adobe Captivate, Creative Cloud All Apps, Illustrator, Photoshop"

 

The only answer I get from Support chat is a non-answer. "That information has not been shared with us"

 

Participant
December 16, 2021

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j?  If so what steps need to be taken to fix these?

 

Looking for if there are patches and assistance.

Legend
December 17, 2021

So far, Adobe wants you to contact support directly instead of just posting a list of software.

Jeffrey_A_Wright
Community Manager
December 17, 2021

Lumigraphics is correct; please bookmark https://helpx.adobe.com/security/products/log4j-2-advisory.html to be kept up to date regarding the Log4j vulnerability.

 

If you have additional questions that https://helpx.adobe.com/security/products/log4j-2-advisory.html does not currently answer, please follow the guidance at the bottom of the document and contact us directly.

Jeffrey_A_Wright
Community Manager
Correct answer
December 16, 2021

Thank you, everyone, for your interest and concern regarding the recently discovered Log4j vulnerability.  For information on security issues related to the Apache Log4j 2 library and how it affects Adobe software and services, please bookmark and review https://helpx.adobe.com/security/products/log4j-2-advisory.html.

 

This is a developing situation, so please follow the guidance at the bottom and contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen for any questions you may have. 

 

Update https://helpx.adobe.com/security/products/log4j.html

Participant
March 30, 2022

Tenable vulnerability scanner sees log4j-1.2.14.jar hidden inside the LiveCycle directory in CC version 5.6.5.58 (February 2021). Is there a patch available for this vulnerable version of log4j in the newest version of Adobe Creative Cloud? The website you posted has no listing for LiveCycle vulnerability status. Details below...

-----------------------------------------------------------------------------------------------------------

PS C:\Program Files (x86)\Adobe\Adobe LiveCycle Designer ES4\Java\Libs> ls

Directory: C:\Program Files (x86)\Adobe\Adobe LiveCycle Designer ES4\Java\Libs

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/3/2013 5:55 AM 1909418 adobe-xfa-3.1.0.jar
-a---- 3/3/2013 5:55 AM 531557 collections-generic-4.01.jar
-a---- 3/3/2013 5:55 AM 5135118 com.adobe.model.core.jar
-a---- 3/3/2013 5:55 AM 313359 dom4j-1.6.jar
-a---- 3/3/2013 5:55 AM 19771 fmltoxsdgenerator.jar
-a---- 3/3/2013 5:55 AM 807736 freemarker-2.3.9.jar
-a---- 3/3/2013 5:55 AM 244330 jaxen-1.1-beta-6.jar
-a---- 3/3/2013 5:55 AM 367444 log4j-1.2.14.jar
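
An added example (not part of the post above, and not Adobe's or Tenable's code): a Python inventory that opens every archive under a directory, nested ones included, and reports whether it contains the Log4j 2 `JndiLookup` class involved in CVE-2021-44228 or classes from the separate Log4j 1.x package, which is what a file named log4j-1.2.14.jar belongs to. The finding labels, the `app.war` sample and the empty stand-in class entries are constructed for illustration.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# JndiLookup ships in Log4j 2 core; org.apache.log4j is the Log4j 1.x package.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J1_MARKER = "org/apache/log4j/Logger.class"
ARCHIVES = (".jar", ".war", ".ear")

def classify(archive, depth=0):
    """Return the set of findings for one archive, descending into nested ones."""
    findings = set()
    try:
        with zipfile.ZipFile(archive) as z:
            for name in z.namelist():
                if name == JNDI_LOOKUP:
                    findings.add("log4j2-jndilookup")
                elif name == LOG4J1_MARKER:
                    findings.add("log4j1")
                elif name.lower().endswith(ARCHIVES) and depth < 3:
                    # Fat jars and WARs bundle libraries as nested archives.
                    findings |= classify(io.BytesIO(z.read(name)), depth + 1)
    except (zipfile.BadZipFile, OSError):
        findings.add("unreadable")
    return findings

def scan(root):
    """Map each flagged archive under root (relative path) to its findings."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES and (found := classify(path)):
            report[path.relative_to(root).as_posix()] = sorted(found)
    return report

def build_sample(root):
    """Constructed sample tree: empty entries stand in for real class files."""
    def make(target, entry, data=b""):
        with zipfile.ZipFile(target, "w") as z:
            z.writestr(entry, data)
    root, inner = Path(root), io.BytesIO()
    make(root / "log4j-1.2.14.jar", LOG4J1_MARKER)
    make(inner, JNDI_LOOKUP)
    make(root / "app.war", "WEB-INF/lib/log4j-core-sample.jar", inner.getvalue())
    make(root / "dom4j-1.6.jar", "org/dom4j/Document.class")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

A `log4j2-jndilookup` finding still needs its Log4j 2 version checked against the vendor advisory; a `log4j1` finding identifies the older 1.x code base, which has to be assessed separately.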

Legend
March 31, 2022

LiveCycle Designer is not included with any current Acrobat or Creative Cloud product. LiveCycle as a freestanding product reached end of life in 2018. 

Legend
December 14, 2021

As far as everyone is aware, no Adobe desktop applications are affected and likely no desktop apps from other vendors. This is an issue with a Java logging app typically run on servers, so many if not most service providers online will be affected.

Regular users are most at risk of having their personal data stolen or services taken offline.

jamesm9942588
Participant
December 14, 2021

Any word on the cloud services provided by adobe?

stevelyver
Participant
December 14, 2021

We are looking for information regarding an Adobe response to the CVE-2021-44228 vulnerability as well. Please advise.

Participant
December 14, 2021

Good day

 

Since there is no information posted on Adobe security center for this:  https://helpx.adobe.com/security/Home.html


For CVE-2021-44228 - log4j vulnerability - does anyone know which products are affected; any fix ETA or, in the interim, a workaround or suggestion to mitigate the risk? Specifically, is Adobe Acrobat or Acrobat DC affected?

 

thank you

 

 

Participant
December 16, 2021

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j?  If so what steps need to be taken to fix these?

Do we have any updates on the patches, looking for assistance.

Thanks.

Participant
December 14, 2021

+1

I'm also looking for more information on this for desktop clients.