web statisticsweb stats Business Phone Systems Tech Talk Forum - VOIP & Cloud Phone Help

Business Phone Systems

Previous Thread
Next Thread
Print Thread
Rate Thread
#641770 12/17/21 11:56 AM
Joined: Aug 2004
Posts: 1,609
Likes: 29
Toner Online Happy OP
Admin
*****
OP Online Happy
Admin
*****
Joined: Aug 2004
Posts: 1,609
Likes: 29
Avaya published a PSN notice about IP Office an log4j. It looks like One-X and a few other application server type things are affected: log4j PSN Link

Quote
Product Support Notice © 2021 Avaya Inc. All Rights Reserved.
PSN # PSN005946u Avaya Proprietary – Use pursuant to the terms of your signed agreement or company policy.
Original publication date 15-Dec-2021. This is Issue #03,
published date: 16-Dec-2021.
Severity/risk
level
High Urgency Immediately
Name of problem
IP Office Log4j vulnerability (CVE-2021-44228).
Products affected
IP Office Perpetual, Subscription, Powered By VM
Releases: 11.0.4.1 to 11.0.4.6. 11.1.0.0 to 11.1.2.0
Problem description
The one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration
applications are susceptible to the Log4j vulnerability CVE-2021-44228: Apache Log4j2 JNDI features
do not protect against attacker-controlled LDAP and other JNDI related endpoints.
This issue does not affect IP Office Basic Edition, Essential Edition, Branch deployments or IP Office
Powered By Containers.
Preferred Edition without any of the vulnerable applications active is also not affected.
Details for other Avaya products can be found at:
https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609
Resolution
A patch will be provided on or before 17th December 2021 to remediate all affected releases.
Workaround or alternative remediation
Ensure one-X Portal for IP Office, Media Manager, Web RTC Gateway and Web Collaboration
services are disabled


[Linked Image from web.atcomsystems.ca]
Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!
Avaya IP Office Help & Support Website
IP Office Help

Avaya IP Office Help & Support Website


FAQs, documentation, videos, updates, and support for the Avaya IP Office business phone system!
Everything you need to know about installing, upgrading, and troubleshooting IP 500v2 and IPO Server Edition systems.

Toner #641774 12/17/21 12:00 PM
Joined: May 2004
Posts: 1,659
Likes: 4
Moderator-Avaya
*****
Offline
Moderator-Avaya
*****
Joined: May 2004
Posts: 1,659
Likes: 4
Yes, and if you click that link (if you are a partner) there are Enterprise Servers affected as well....

Toner #641776 12/17/21 12:04 PM
Joined: Aug 2004
Posts: 1,609
Likes: 29
Toner Online Happy OP
Admin
*****
OP Online Happy
Admin
*****
Joined: Aug 2004
Posts: 1,609
Likes: 29
Actually, it appears the link of affected Avaya products is open to the public:
Click Here

If I'm not mistaken I was able to view that resource just fine without logging in.


[Linked Image from web.atcomsystems.ca]
Looking for a VoIP Phone Canada provider? Put Atcom's valuable VoIP expertise to work for your business today!

Link Copied to Clipboard
Forum Statistics
Forums84
Topics94,262
Posts638,696
Members49,757
Most Online5,661
May 23rd, 2018
Popular Topics(Views)
211,098 Shoretel
187,707 CTX100 install
186,794 1a2 system
Newest Members
BPopilek, Rich F, LewisR, TDKs79, Buttinset
49,757 Registered Users
Top Posters(30 Days)
dexman 18
Toner 14
TDKs79 8
pvj 4
Who's Online Now
2 members (Toner, Touch Tone Tommy), 150 guests, and 233 robots.
Key: Admin, Global Mod, Mod
Contact Us | Sponsored by Atcom: One of the best VoIP Phone Canada Suppliers for your business telephone system!| Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers. Sundance Phone System Forums - VOIP & Cloud Phone Help
©Copyright Sundance Communications 1998-2024
Powered by UBB.threads™ PHP Forum Software 7.7.5