Hi MF S,
Thanks for coming back to me. The agents team gave me the following response:
Big-Data agents have log4j as part of Java package, because we handle injection into java running apps.
The log4j version is unaffected, and we don't use it for logging.
Agent code is based on C/C++ and not Java.
I hope this helps.
------------------------------
Sarah Lamont(csp)
Digital Community Manager
------------------------------
Original Message:
Sent: 12-15-2021 04:21
From: MF S
Subject: Imperva ragent - does it use log4j? Any impact?
Hi @Sarah Lamont
This exactly what i saw previously....but seems inconsistent with the statement vs what we see in ragent folder
On-Premises Agents - Log4j is not used
------------------------------
MF S
IT Security
Kuala Lumpur
Original Message:
Sent: 12-15-2021 03:33
From: Sarah Lamont(csp)
Subject: Imperva ragent - does it use log4j? Any impact?
Hi MF S,
I think this link should help...
Imperva Documentation Portal - Log4j2 vulnerability - CVE-2021-44228
Thanks,
Sarah
------------------------------
Sarah Lamont(csp)
Digital Community Manager
Original Message:
Sent: 12-15-2021 03:14
From: MF S
Subject: Imperva ragent - does it use log4j? Any impact?
Hi All,
As per above, the advisory that I saw mentioned as not impacted.
Can see below path:
/opt/imperva/ragent/bin/java/lib/log4j-1.2.17.jar
Due to legacy agent?
#ImpervaAgent
------------------------------
MF S
IT Security
Kuala Lumpur
------------------------------