
IAM bundles logback libraries for which the following CVE has been published. Still, Camunda recommends applying fixes as mentioned in the Solution section below. As a result, Camunda does not consider IAM to be affected by the vulnerability. However, IAM does not bundle the log4j-core library which contains the vulnerability referred to by the CVE. Specifically, IAM bundles log4j-api and log4j-to-slf4j. You are using Zeebe, Operate or Tasklist version <= 1.2.7 or <= 1.1.8 Solution You are using IAM version <= 1.2.8 Solution
How to determine if the installation is affected

IAM bundles log4j libraries for which the following CVE has been published. You are using Zeebe, Operate or Tasklist version <= 1.2.8 or <= 1.1.9 Solution At this point, Camunda is not aware of any specific attack vector in Zeebe, Operate or Tasklist allowing attackers to exploit the vulnerability but recommends applying fixes as mentioned in the Solution section below. Zeebe, Operate and Tasklist bundle log4j-core for which the following CVE has been published. You are using Zeebe, Operate or Tasklist version <= 1.2.11 or <= 1.3.6 Solution Camunda has provided the following releases which contain a fix

Zeebe, Operate, Tasklist and IAM are using the Spring framework for which the following CVE has been published: At this point, Camunda is not aware of any specific attack vector in Zeebe, Operate, Tasklist or IAM allowing attackers to exploit the vulnerability but recommends applying fixes as mentioned in the Solution section below. Camunda publishes security notices after fixes are available.
