Log4j vulnerability and Adobe CC

Community Beginner, Dec 14, 2021

Hi,

Regarding the vulnerability CVE-2021-44228, I would like to know if the Adobe CC desktop app or any of the apps that can be installed with it make use of the vulnerable Log4j package.
If so, what steps do you recommend for mitigation?
Thank you very much for your help.

1 Correct answer

Adobe Employee, Dec 16, 2021

Thank you, everyone, for your interest and concern regarding the recently discovered Log4j vulnerability. For information on security issues related to the Apache Log4j 2 library and how it affects Adobe software and services, please bookmark and review https://helpx.adobe.com/security/products/log4j-2-advisory.html.

This is a developing situation, so please follow the guidance at the bottom and contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact

...

New Here, Dec 14, 2021

+1

I'm also looking for more information on this for desktop clients.

New Here, Dec 14, 2021

Good day

Since there is no information posted on Adobe security center for this: https://helpx.adobe.com/security/Home.html

For CVE-2021-44228 - log4j vulnerability - does anyone know which products are affected; any fix ETA or in the interim workaround or suggestion to mitigate the risk? Specifically, is Adobe Acrobat or Acrobat DC affected?

Thank you

New Here, Dec 16, 2021

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j?  If so what steps need to be taken to fix these?

Do we have any updates on the patches, looking for assistance.

Thanks.

New Here, Dec 14, 2021

We are looking for information regarding an Adobe response to the CVE-2021-44228 vulnerability as well. Please advise.

Community Expert, Dec 14, 2021

As far as everyone is aware, no Adobe desktop applications are affected and likely no desktop apps from other vendors. This is an issue with a Java logging app typically run on servers, so many if not most service providers online will be affected.

Regular users are most at risk of having your personal data stolen or services taken offline.

Community Beginner, Dec 14, 2021

Any word on the cloud services provided by Adobe?

Community Beginner, Dec 14, 2021

log4j is usually bundled with everything Java-powered these days. You'll find the module embedded on desktop applications as well, not just server apps.

Would be great to have an official response

Adobe Employee, Dec 16, 2021

Thank you, everyone, for your interest and concern regarding the recently discovered Log4j vulnerability. For information on security issues related to the Apache Log4j 2 library and how it affects Adobe software and services, please bookmark and review https://helpx.adobe.com/security/products/log4j-2-advisory.html.

This is a developing situation, so please follow the guidance at the bottom and contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen for any questions you may have.

Update https://helpx.adobe.com/security/products/log4j.html

Community Expert, Dec 16, 2021

The question of the day is what non-server applications are affected if any. I suspect none but it would be nice to know for sure.

Adobe Employee, Dec 16, 2021

Which is exactly the type of question you should contact your dedicated Customer Success Manager (CSM), Technical Account Manager (TAM), or contact us directly at https://helpx.adobe.com/contact.html?rghtup=autoOpen so that any specific questions can be addressed, Lumigraphics.

Community Beginner, Dec 17, 2021

Hi Jeff, thank you for your reply. 
It would be good to have a website that lists all affected Adobe programs and services, whether they are affected or not, and what mitigation steps can be taken.
This would save both Adobe support staff and customers time.

Community Beginner, Dec 16, 2021

At this point, several days after the exploit was shared, assume any vendor that won't give a direct answer is still figuring it out themselves. Best we can do is protect the perimeter. I know they are working on it.

Community Beginner, Dec 21, 2021

Hi Jeff, thank you for the update. That's exactly what I meant.

New Here, Mar 30, 2022

Tenable vulnerability scanner sees log4j-1.2.14.jar hidden inside the LiveCycle directory in CC version 5.6.5.58 (February 2021). Is there a patch available for this vulnerable version of log4j in the newest version of Adobe Creative Cloud? The website you posted has no listing for LiveCycle vulnerability status. Details below...

-----------------------------------------------------------------------------------------------------------

PS C:\Program Files (x86)\Adobe\Adobe LiveCycle Designer ES4\Java\Libs> ls

Directory: C:\Program Files (x86)\Adobe\Adobe LiveCycle Designer ES4\Java\Libs

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 3/3/2013 5:55 AM 1909418 adobe-xfa-3.1.0.jar
-a---- 3/3/2013 5:55 AM 531557 collections-generic-4.01.jar
-a---- 3/3/2013 5:55 AM 5135118 com.adobe.model.core.jar
-a---- 3/3/2013 5:55 AM 313359 dom4j-1.6.jar
-a---- 3/3/2013 5:55 AM 19771 fmltoxsdgenerator.jar
-a---- 3/3/2013 5:55 AM 807736 freemarker-2.3.9.jar
-a---- 3/3/2013 5:55 AM 244330 jaxen-1.1-beta-6.jar
-a---- 3/3/2013 5:55 AM 367444 log4j-1.2.14.jar

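A defender-side inventory check for the finding in the post above, as an added example that is not part of the thread and not Adobe's or Tenable's tooling: it finds log4j jars by file name, separates Log4j 1.x from log4j-core 2.x, and checks jars in the CVE-2021-44228 range (Log4j 2 from 2.0-beta9 through 2.14.1; 2.0 pre-releases are all treated as in range) for the JndiLookup class. The function names and the sample tree are constructed for illustration; only the file name log4j-1.2.14.jar comes from the listing.

```python
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # stripped by the jar-level mitigation
NAME_RE = re.compile(r"^log4j-(?:core-)?(\d+(?:\.\d+)*)[^/\\]*\.jar$", re.I)  # misses renamed/shaded copies

def in_range(v):
    """Log4j 2 before 2.15.0, excluding the fixed 2.3.1+ and 2.12.2+ backport lines."""
    backport = (v[:2] == (2, 12) and v >= (2, 12, 2)) or (v[:2] == (2, 3) and v >= (2, 3, 1))
    return (2,) <= v < (2, 15) and not backport

def classify(jar):
    """Return (version, status) for a log4j 1.x or log4j-core 2.x jar, else None."""
    if not (m := NAME_RE.match(Path(jar).name)):
        return None
    ver, v = m.group(1), tuple(int(p) for p in m.group(1).split("."))
    if v[0] == 1:
        return ver, "1.x: end-of-life, outside the CVE-2021-44228 range"
    if not in_range(v):
        return ver, "2.x: outside the CVE-2021-44228 range"
    try:
        with zipfile.ZipFile(jar) as zf:
            present = JNDI_CLASS in zf.namelist()
    except (OSError, zipfile.BadZipFile):
        return ver, "2.x: in range, jar unreadable"
    return ver, "2.x: in range, JndiLookup " + ("present" if present else "removed")

def scan(root):
    """Map each log4j jar under root (path relative to root) to its (version, status)."""
    found = ((p.relative_to(root).as_posix(), classify(p)) for p in sorted(Path(root).rglob("*.jar")))
    return {path: result for path, result in found if result}

def build_sample(root):
    """Constructed fixture of empty jars; the first name mirrors the listing in the post."""
    jars = {"Java/Libs/log4j-1.2.14.jar": [], "Java/Libs/dom4j-1.6.jar": [], "b/log4j-core-2.14.1.jar": [],
            "a/log4j-core-2.14.1.jar": [JNDI_CLASS], "c/log4j-core-2.17.1.jar": [JNDI_CLASS]}
    for rel, members in jars.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for name in ["META-INF/MANIFEST.MF", *members]:
                zf.writestr(name, b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, (ver, status) in scan(tmp).items():
            print(f"{path}: {ver} -> {status}")
```

Matching on file names only reports what a jar claims to be; copies bundled inside another archive or renamed by a packager need a content-based scan.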
LEGEND, Mar 31, 2022

LiveCycle Designer is not included with any current Acrobat or Creative Cloud product. LiveCycle as a freestanding product reached end of life in 2018. 

New Here, Dec 16, 2021

I wanted to reach out to you to find out if Adobe has any vulnerabilities relating to Log4j? If so what steps need to be taken to fix these?

Looking for if there are patches and assistance.

Community Expert, Dec 17, 2021

So far, Adobe wants you to contact support directly instead of just posting a list of software.

Adobe Employee, Dec 17, 2021

Lumigraphics is correct; please bookmark https://helpx.adobe.com/security/products/log4j-2-advisory.html to be kept up to date regarding the Log4j vulnerability.

If you have additional questions that https://helpx.adobe.com/security/products/log4j-2-advisory.html does not currently answer, please follow the guidance at the bottom of the document and contact us directly.

New Here, Dec 17, 2021

+1 "What is Adobe's assessment of the Log4j security vulnerability as applied to Acrobat Pro DC, Adobe Captivate, Creative Cloud All Apps, Illustrator, Photoshop"

The only answer I get from Support chat is a non-answer. "That information has not been shared with us"

Community Beginner, Dec 17, 2021

Latest advisory for CVE-2021-44228 is here: https://helpx.adobe.com/security/products/log4j.html

Community Expert, Dec 17, 2021

Deleted.

New Here, Dec 23, 2021

Please, can you confirm if Adobe Creative Cloud is affected by the LOG4SHELL vulnerability (CVE-2021-44228)?

New Here, Dec 29, 2021

Photoshop CS5.5 (v12.1) desktop version appears to use log4j in the service manager components. Will there be a patch for this older version?
