Unsupported Log4j version is in use on Watchguard System Manager
We are using the Watchguard System Manager. After a vulnerability scan on the server with WSM, a critical risk item was reported: an unsupported Log4j, log4j-1.2.8.jar, is in use and is end of life.
We have installed the latest version of WSM 12.8, but Log4j is still the old version. Please advise how we can address the risk item.
Comments
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2021-00003
I know this post is kind of old. The article linked talks about JMSAppender.class not being in the Watchguard jar file, but isn't SocketServer.class also vulnerable? It does appear to be in the jar file in the WSM install.
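One way to check which of the two classes named in this thread actually ship in the jars under an install directory. This is an added example, not part of the original posts and not WatchGuard code; the function names are hypothetical, and the `org/apache/log4j/net/` package path is assumed from the standard Log4j 1.2 layout.

```python
import io
import sys
import zipfile
from pathlib import Path

# Class names come from the thread; the package path is the standard
# Log4j 1.2 location for them (assumption, not stated on the page).
CLASSES_OF_INTEREST = (
    "org/apache/log4j/net/JMSAppender.class",
    "org/apache/log4j/net/SocketServer.class",
)
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def classes_in_archive(data, label, depth=0, max_depth=3):
    """Return {archive_label: [matching class entries]} for one archive,
    descending into nested archives (e.g. a jar bundled inside a war)."""
    found = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            hits = [n for n in names if n in CLASSES_OF_INTEREST]
            if hits:
                found[label] = sorted(hits)
            if depth < max_depth:  # bound recursion into nested archives
                for n in names:
                    if n.lower().endswith(ARCHIVE_SUFFIXES):
                        found.update(classes_in_archive(
                            zf.read(n), f"{label}!{n}", depth + 1, max_depth))
    except (zipfile.BadZipFile, RuntimeError):
        pass  # unreadable or encrypted archive: skip it
    return found


def scan_tree(root):
    """Walk a directory and check every archive found under it."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            results.update(classes_in_archive(path.read_bytes(), str(path)))
    return results


if __name__ == "__main__":
    # Usage: python scan_log4j_classes.py <install directory>
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for archive, hits in sorted(scan_tree(root).items()):
        print(archive)
        for hit in hits:
            print("   contains", hit)
```

A hit only shows that the class file is packaged in the jar; whether the application ever loads or starts it is a separate question for the vendor.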