Are currently supported versions of SharePlex affected by the latest vulnerability Apache log4j 2 CVE-2021-44228? (4354654)

Quest R&D has reviewed SharePlex and determined that SharePlex is not affected by CVE-2021-44228.

SharePlex deploys log4j version 1.2.15 on installation, but that version of log4j it is not subject to CVE-2021-44228, and is only used by SharePlex for JMS/MQ

Apache log4j 2 vulnerability:

https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Because SharePlex is not impacted by CVE-2021-44228, no action is required.

Development team created a one-off for log4j Vulnerability and this will be included as part of SharePlex version 10.2 release. If one-off is required for older versions, please raise a request with support.

Please note that log4j is only used by SharePlex for JMS/MQ target.