Skip to content

Contrast Security Applications affected by Log4j Vulnerability

Contrast has confirmed that Log4j vulnerability disclosed on Dec 10th has also affected all the security application also according to their advisory. Both SAAS and On-Premise versions are affected. All the SAAS (Cloud) applications has been patched to 2.16.0 version of log4j whereas for On-Premise version they have released patched versions which is recommended for the customers to get upgraded.

Hosted SaaS EnviromentsAllVulnerablePatched
Java AgentAllNot VulnerablePatched
On-premises (EOP) EnvironmentsAll VulnerablePatched
ScanAll VulnerablePatched

Customers of On-Premises EOP Environments are recommended to upgrade to immediately whereas customers of Scan products should upgrade to version 0.0.124. In addition to these upgrades, the EOP customers can also add the following lines in the file contrast-server.vmoptions in the bin folder