Phone Systems

#641770 12/17/21 03:56 PM
Toner (OP, Admin)
Avaya published a PSN notice about IP Office and log4j. It looks like One-X and a few other application server type things are affected: log4j PSN Link

Quote
Product Support Notice © 2021 Avaya Inc. All Rights Reserved.
PSN # PSN005946u Avaya Proprietary – Use pursuant to the terms of your signed agreement or company policy.
Original publication date 15-Dec-2021. This is Issue #03, published date: 16-Dec-2021.
Severity/risk level: High
Urgency: Immediately
Name of problem
IP Office Log4j vulnerability (CVE-2021-44228).
Products affected
IP Office Perpetual, Subscription, Powered By VM
Releases: 11.0.4.1 to 11.0.4.6. 11.1.0.0 to 11.1.2.0
Problem description
The one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration applications are susceptible to the Log4j vulnerability CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints.
This issue does not affect IP Office Basic Edition, Essential Edition, Branch deployments or IP Office Powered By Containers.
Preferred Edition without any of the vulnerable applications active is also not affected.
Details for other Avaya products can be found at:
https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609
Resolution
A patch will be provided on or before 17th December 2021 to remediate all affected releases.
Workaround or alternative remediation
Ensure one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration services are disabled
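
One way to apply the PSN's release ranges, excluded deployments and vulnerable-application list to a site inventory, as an added example that is not part of the thread or of Avaya's notice. The inventory field names, host names and service labels are assumptions made for illustration.

```python
# Added example: triage an IP Office inventory against the criteria quoted from PSN005946u.
# Record layout (host/deployment/release/active_services) and sample hosts are constructed.

# Release ranges quoted in the PSN (treated as inclusive).
AFFECTED_RANGES = [("11.0.4.1", "11.0.4.6"), ("11.1.0.0", "11.1.2.0")]
# Applications the PSN names as susceptible to CVE-2021-44228.
VULNERABLE_APPS = {"one-X Portal", "Media Manager", "Web RTC Gateway", "Web Collaboration"}
# Deployments the PSN states are not affected.
UNAFFECTED_DEPLOYMENTS = {"Basic Edition", "Essential Edition", "Branch", "Powered By Containers"}


def parse_release(text):
    """Turn '11.1.2.0' into (11, 1, 2, 0) so releases compare numerically, not as strings."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected a four-part release, got {text!r}")
    return parts


def in_affected_range(release):
    """True when the release falls inside one of the ranges listed in the PSN."""
    r = parse_release(release)
    return any(parse_release(lo) <= r <= parse_release(hi) for lo, hi in AFFECTED_RANGES)


def triage(system):
    """Return (status, reason) for one inventory record."""
    if system["deployment"] in UNAFFECTED_DEPLOYMENTS:
        return "not affected", "deployment type excluded by the PSN"
    try:
        if not in_affected_range(system["release"]):
            return "review", "release outside the ranges listed in the PSN"
    except ValueError as exc:
        return "review", str(exc)
    active = sorted(VULNERABLE_APPS & set(system["active_services"]))
    if active:
        return "affected", "disable until patched: " + ", ".join(active)
    return "not affected", "no vulnerable application active"


if __name__ == "__main__":
    inventory = [  # constructed sample records
        {"host": "ipo-01", "deployment": "Subscription", "release": "11.1.1.10", "active_services": ["one-X Portal", "Voicemail"]},
        {"host": "ipo-02", "deployment": "Preferred Edition", "release": "11.0.4.3", "active_services": ["Voicemail"]},
        {"host": "ipo-03", "deployment": "Essential Edition", "release": "11.1.2.0", "active_services": []},
    ]
    for s in inventory:
        print(s["host"], *triage(s), sep=" | ")
```

Releases outside the listed ranges come back as "review" rather than "not affected", since the quoted notice says nothing about them.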

Toner #641774 12/17/21 04:00 PM
Moderator-Avaya
Yes, and if you click that link (if you are a partner) there are Enterprise Servers affected as well....

Toner #641776 12/17/21 04:04 PM
Toner (OP, Admin)
Actually, it appears the link of affected Avaya products is open to the public:
Click Here

If I'm not mistaken I was able to view that resource just fine without logging in.



Sundance Communications is not affiliated with any of the above manufacturers.
©Copyright Sundance Communications 1998-2022