This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

log4j Vulnerability for Apigee OPDK and Apigee in AWS

Posted on 12-16-2021 11:50 AM
aramkrishna6
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

As per link https://cloud.google.com/log4j2-security-advisory
indicates about Apigee OPDK related Vulnerability would like to know,

1) If Apigee OPDK 4.19.06, will have any impact (we have planned to move to 4.51.00 but would like to know, impact for listed version.

2) If Apigee  4.19.06 running in AWS will have any impact.

3) Also would like to know, if JVM version should be greater than 1.8  

4)  Will have to follow listed settings for JVM as indicated in Java permission reference  |  Apigee Edge  |  Apigee Docs

Any additional information to be analyzed other than listed above.. Observed few other information from @brendanvu 

0 1 666
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Hi Aram

I think you are aware that 4.19.06 has reached end-of-support date in May 2021.  The impact analysis we conducted with respect to the log4Shell vulnerability focused on the supported versions of OPDK: 4.50 and 4.51. Based on that analysis, we made a statement that OPDK 4.50 and 4.51 are not vulnerable to the log4Shell vulnerability.  We have not dedicated any time to analyzing 4.19.06, with respect to this vulnerability.  As such, we cannot make any concrete statement of impact for OPDK 4.19.06.  i don't expect that our response teams will perform the required analysis on 4.19.06 to make any such statement in the future.

I urge you to upgrade to 4.51.  

 

 

0 Likes
Top Solution Authors
View all