Java vulnerability
-
- Joined: Thu Oct 23, 2014 4:16 pm
- Website: apwt.realnoni.com
Java vulnerability
Just received an urgent message from Authorize.net instructing us to check our website and applications to ensure the latest updates have been applied. Does the latest with the Java vulnerability impact our website or any of the applications we use within AllProWebTools? If so what log4j version are we running?
-
- Support Team
- Website: www.allprowebtools.com
Re: Java vulnerability
Vulnerability monitoring and assessment is included with all subscriptions to AllProWebTools.
There are currently over 150,000 security vulnerabilities listed on the CVE database here: https://www.cvedetails.com/index.php While it is our policy not to comment on specific vulnerabilities (with over 150,000 and many new discoveries each day - this would be a daunting task), this link has been provided regarding the security and architecture of the AllProWebTools service: https://www.allprowebtools.com/AllProWe ... structure/
We encourage all users to report any findings of actual detected vulnerabilities as the result of scanners or notifications from outside vendors. - Support Team
-
- Website: www.realnoni.com
Re: Java vulnerability
That is why we are asking you about this. Authorize.net which is a giant credit card processor who I'm sure tons of your customers use as you offer a plug in for compatibility use with you software- it was Authorize.net who reached out to all their users letting them know of the extreme vulnerability and instructed us to ask our web site host/provider/developer/software if their system has been updated with the latest recommendations for the security threat.
We do not know where in the console to find this info to be able to tell if AllProWebTools as done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....
We do not know where in the console to find this info to be able to tell if AllProWebTools as done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....
-
- Website: apwt.realnoni.com
Re: Java vulnerability
Any update on this?
We do not know where in the console to find this info to be able to tell if AllProWebTools has done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....
We do not know where in the console to find this info to be able to tell if AllProWebTools has done the updates or if we are at great security risk. Does our website or any of the applications within AllProWebTools use Java? If so are they using specifically the log4j versions 2.0 – 2.14.1? If they are using any of these versions how do we update it to the recommended version or when will this been done on your end if it is something we cannot do directly....