i have already read the KB-000043545 - but still one question here:
Quote: "....Sophos has released a new version (9.7.2) of the Sophos Mobile EAS Proxy to address this vulnerability...."
===> So there is a new version of the EAS Proxy Standalone Edition
Quote: "...Other Sophos Mobile components.......Sophos Mobile 9.5 or higher are not using the log4j component which is affected by this vulnerability, meaning Sophos Mobile in Central and Sophos Mobile on-premise are not affected by this vulnerability......"
===> We have alreade the on-premise version 9.7.3
The Question: We use the "internal EAS proxy that is automatically installed with Sophos Mobile" => Is there still the log4j vulnerability - or was this already fixed => so just the users of the "Standalone Edition" have to update ?
Thanks for your support
Thank you for reaching out to the Sophos Community Forum.
It is my understanding that if your SMC Server installation is running a version higher than 9.5, you will not need to patch. This…