This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hope XG isn't affected by the Log4j exploit

Turns out that if an attacker can provide some text -- say a phony system name, etc -- that will be logged by the ubiquitous Log4j java library, they can execute arbitrary code. It's used most everywhere so the issue is much larger than Sophos, but...

nakedsecurity.sophos.com/.../



This thread was automatically locked due to age.
Parents Reply
  • Spotbugs in SFOS will not be used in runtime of the appliance and is only a tool for the DEV part of QA. So the statement within the Advisory is still correct: Sophos Firewall does not use Log4j

    __________________________________________________________________________________________________________________

Children
No Data