Support Notice

Apache Log4j Vulnerability (CVE-2021-44228)

Our products do not suffer the reported vulnerability, because we do not use JVM, which is a key component of the vulnerability. Vulnerable files under this CVE do not exist on DSP or ADFR servers (unless of course they are part of other installed software, unrelated to Semperis). Please be aware that your server may contain .JAR archive files related to SQL Express or other software, which are not indicative of the presence of Java, or the vulnerability.

You can run a PowerShell script from the link below to check for vulnerable software installed on your DSP/ADFR (or any) server, which will confirm the absence of the vulnerable files:

Very kind regards,
Jim Doggett CISO – Semperis