Java vulnerability

Need help? Please give a detailed explanation of your problem.
Post Reply
Lfrailey173
Posts: 505
meble kuchenne Mikołów Knurów Czechowice-Dziedzice
Joined: Thu Oct 23, 2014 4:16 pm
Website: apwt.realnoni.com

Java vulnerability

Post by Lfrailey173 »

Just received an urgent message from Authorize.net instructing us to check our website and applications to ensure the latest updates have been applied. Does the latest with the Java vulnerability impact our website or any of the applications we use within AllProWebTools? If so what log4j version are we running?
User avatar
Brads326
Support Team
Support Team
Posts: 179
Joined: Tue Dec 12, 2017 10:06 am
Website: www.allprowebtools.com

Re: Java vulnerability

Post by Brads326 »

Vulnerability monitoring and assessment is included with all subscriptions to AllProWebTools.

There are currently over 150,000 security vulnerabilities listed on the CVE database here: https://www.cvedetails.com/index.php While it is our policy not to comment on specific vulnerabilities (with over 150,000 and many new discoveries each day - this would be a daunting task), this link has been provided regarding the security and architecture of the AllProWebTools service: https://www.allprowebtools.com/AllProWe ... structure/

We encourage all users to report any findings of actual detected vulnerabilities as the result of scanners or notifications from outside vendors.
Steve173
Posts: 174
Joined: Mon Jun 01, 2015 7:55 pm
Website: www.realnoni.com

Re: Java vulnerability

Post by Steve173 »

That is why we are asking you about this. Authorize.net which is a giant credit card processor who I'm sure tons of your customers use as you offer a plug in for compatibility use with you software- it was Authorize.net who reached out to all their users letting them know of the extreme vulnerability and instructed us to ask our web site host/provider/developer/software if their system has been updated with the latest recommendations for the security threat.

We do not know where in the console to find this info to be able to tell if AllProWebTools as done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....
Lfrailey173
Posts: 505
Joined: Thu Oct 23, 2014 4:16 pm
Website: apwt.realnoni.com

Re: Java vulnerability

Post by Lfrailey173 »

Any update on this?

We do not know where in the console to find this info to be able to tell if AllProWebTools has done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....
Post Reply