Ticket ID: 26069 Creation Date: 12/13/2021 9:41 PM Product: SiteKiosk Classic Windows Attachment: -
TicketType: Support Request Version: 9.8.0 Language: English
Views: 7440 Last Modification Date: 1/11/2022 10:06 AM Platform:
Level: Closed

Support Request: Inquiry regarding logj4 vulnerabilities

Description

With the ongoing critical news regarding log4j vulnerabilities within Java applications. We at Stingray would like to inquire if sitekiosk servers are vulnerable.

For your reference, here's an article about it
https://www.google.com/amp/s/www.kaspersky.com/blog/log4shell-critical-vulnerability-in-apache-log4j/43124/amp/

I just spoke with our internal team and they have given me a list of questions that will required your input.

• Do any of your applications (both internal and third parties) use Java?
• Is the logging library log4j currently in use for such applications?
• What is the version of log4j currently installed?
• Is the application publicly exposed (internet-facing) or only available internally?
• Do you perform sanitization of any inputs available in your application (user login, GET requests, search bars, web forms, etc)?
• Are your third-party applications affected by this issue (see above article for the list of known affected services)?

Answer: (1)
Re: Inquiry regarding logj4 vulnerabilities 12/14/2021 9:20 AM
Hello,

SiteKiosk Software (Client and Server) based on Windows operating system is not affected by the Zero Day Exploit regarding Log4j. In SiteKiosk Android we use a version of Log4j which is not affected by the vulnerability.

Please see here:
https://www.sitekiosk.com/news/no-danger-for-sitekiosk-server-and-applications/

Regards,
Michael Olbrich
Post comment
My Account
Login
Language (Tickets):