Cherwell NOT affected by Java logging library Apache Log4j
Many of us working in IT over the last seven days have been impacted by the news recently disclosed by security researchers, about the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes.
Ivanti are reporting that Cherwell isn’t affected by the Java logging library Apache Log4j issue as follows:
Cherwell Asset Management (CAM) – Not Affected (Current and Legacy Versions)
Cherwell Service Management (CSM) – Not Affected (Current and Legacy Versions)
To read additional information from the Cherwell Forum about this issue, please click this link.