log4j PSN

Print Thread

Rate Thread

log4j PSN #641770 12/17/21 11:56 AM
Joined: Aug 2004 Posts: 1,745 Likes: 49 Calgary, AB, Canada Toner Admin
Toner Admin Joined: Aug 2004 Posts: 1,745 Likes: 49 Calgary, AB, Canada	Avaya published a PSN notice about IP Office an log4j. It looks like One-X and a few other application server type things are affected: log4j PSN Link Quote Product Support Notice © 2021 Avaya Inc. All Rights Reserved. PSN # PSN005946u Avaya Proprietary – Use pursuant to the terms of your signed agreement or company policy. Original publication date 15-Dec-2021. This is Issue #03, published date: 16-Dec-2021. Severity/risk level High Urgency Immediately Name of problem IP Office Log4j vulnerability (CVE-2021-44228). Products affected IP Office Perpetual, Subscription, Powered By VM Releases: 11.0.4.1 to 11.0.4.6. 11.1.0.0 to 11.1.2.0 Problem description The one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration applications are susceptible to the Log4j vulnerability CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints. This issue does not affect IP Office Basic Edition, Essential Edition, Branch deployments or IP Office Powered By Containers. Preferred Edition without any of the vulnerable applications active is also not affected. Details for other Avaya products can be found at: https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 Resolution A patch will be provided on or before 17th December 2021 to remediate all affected releases. Workaround or alternative remediation Ensure one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration services are disabled Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!

Avaya IP Office Help & Support Website

Avaya IP Office Help & Support Website

FAQs, documentation, videos, updates, and support for the Avaya IP Office business phone system!
Everything you need to know about installing, upgrading, and troubleshooting IP 500v2 and IPO Server Edition systems.

Re: log4j PSN Toner #641774 12/17/21 12:00 PM
Joined: May 2004 Posts: 1,668 Likes: 4 WI mongo5150 Moderator-Avaya
mongo5150 Moderator-Avaya Joined: May 2004 Posts: 1,668 Likes: 4 WI	Yes, and if you click that link (if you are a partner) there are Enterprise Servers affected as well.... www.IPofficeinfo.com http://ipofficeassistance.com

Re: log4j PSN Toner #641776 12/17/21 12:04 PM
Joined: Aug 2004 Posts: 1,745 Likes: 49 Calgary, AB, Canada Toner Admin
Toner Admin Joined: Aug 2004 Posts: 1,745 Likes: 49 Calgary, AB, Canada	Actually, it appears the link of affected Avaya products is open to the public: Click Here If I'm not mistaken I was able to view that resource just fine without logging in. Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!

Moderated by hitechcomm, mongo5150, Touch Tone Tommy

Hop To

Link Copied to Clipboard

sundance-communications.com/forum Forums TDM Business Telephone Systems Avaya - Lucent Telephones & Systems log4j PSN