Skip to main content
M
MiMie.A
Participant
May 26, 2023
Answered

Photoshop CS5.1 Log4j 1.2.15 Vulnerability

  • May 26, 2023
  • 2 replies
  • 1053 views

Did Adobe issue any patch or update to remediate Log4j 1.2.15 Vulnerability for the Photoshop CS5.1? According to the Tenable, my device has the Log4j vulnerability and my company's Security Department asked me to contact Adobe for any remedy. Any help/input is appreciated. Thanks!

 

 

This topic has been closed for replies.
Correct answer Test Screen Name

For sure not. CS 5 support finished 5 years after release, in 2015. This vulnerability was reported 6 years after support ended, in 2021. If a company is concerned about security, a common policy is to forbid running EOL software, which will not get security fixes. 

You need the company to get you a Creative Cloud subscription.

2 replies

davescm
Community Expert
davescmCommunity Expert
Community Expert
May 26, 2023

CS5.1 will never be patched. It was version 12 released in 2010 and replaced by CS6 (version 13 in 2012).

The current CC version in May 2023 is v24.5

 

@Test Screen Name That is a very good point you make that is often not considered by those who say version (insert any very old version you want) meets their needs. It also leaves open some vulnerabilities.

 

Dave

M
MiMie.AAuthor
Participant
May 26, 2023

Thanks for confirming this! I guess they will make me uninstall it and won't buy me a CC subscription ;(

T
Test Screen NameCorrect answer
Legend
May 26, 2023

For sure not. CS 5 support finished 5 years after release, in 2015. This vulnerability was reported 6 years after support ended, in 2021. If a company is concerned about security, a common policy is to forbid running EOL software, which will not get security fixes. 

You need the company to get you a Creative Cloud subscription.

    M
    MiMie.AAuthor
    Participant
    May 26, 2023

    That's what I figured. Thanks for your input! But do you know if the Log4j 1.x has any legitimate concern on CS5.1? I read in many Cold Fusion posts that it was not a vulnerability for Cold Fusion

    T
    Test Screen Name
    Legend
    May 26, 2023

    It's imposssible to say because (1) only Adobe ever had the internal information to check whether the vulnerability could be exploited in Photoshop and (2) Adobe are not going to devote time to doing that for an EOL product.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices