Contrast Security Applications affected by Log4j Vulnerability

Contrast has confirmed that Log4j vulnerability disclosed on Dec 10th has also affected all the security application also according to their advisory. Both SAAS and On-Premise versions are affected. All the SAAS (Cloud) applications has been patched to 2.16.0 version of log4j whereas for On-Premise version they have released patched versions which is recommended for the customers to get upgraded.


ProductVersionsStatusPatched
Hosted SaaS EnviromentsAllVulnerablePatched
Java AgentAllNot VulnerablePatched
On-premises (EOP) EnvironmentsAll VulnerablePatched
ScanAll VulnerablePatched
Source: https://support.contrastsecurity.com/hc/en-us/articles/4412612486548

Customers of On-Premises EOP Environments are recommended to upgrade to 3.8.10.1566200307 immediately whereas customers of Scan products should upgrade to version 0.0.124. In addition to these upgrades, the EOP customers can also add the following lines in the file contrast-server.vmoptions in the bin folder

-Dcom.sun.jndi.rmi.object.trustURLCodebase=false<br>-Dcom.sun.jndi.cosnaming.object.trustURLCodebase=false<br>-Dlog4j2.formatMsgNoLookups=true
Scroll to Top