Hi Eric,
Our lab has carefully reviewed the code and determined that although the WUMA application uses log4j-1.2.14.jar, the affected versions are 2.0<=Apache log4j2 <= 2.14.1.
I am glad to inform you that WebConnect is not impacted by the vulnerability!
------------------------------
Vladimir Skobarev
Manager Technical Support Engineering
Rocket Software
------------------------------
Original Message:
Sent: 12-14-2021 11:17
From: Eric Carlson
Subject: Is WebConnect affected by the log4j2 Zero Day vulnerability?
Management is asking us to check all of our java-using applications if they are affected by the log4j2 zero day vulnerability. Any information you can give me will be appreciated.
------------------------------
Eric Carlson
Product Manager
Kroger Co
Columbus OH US
------------------------------