I fear there's a typo in the link above, I suppose it should be
https://knowledge.broadcom.com/external/article?articleId=230205. Anyway, we still have API Portal 3.5 customers out there. Though this version is EOS, I'd appreciate if you could also share how they are affected, and recommendations for mitigation. Thanks, Dirk
------------------------------
APIIDA AG
Germany
------------------------------
Original Message:
Sent: Dec 13, 2021 10:32 AM
From: Adarsh Shetty
Subject: Layer7 API Gateway - Log4J - CVE-2021-44228
As per the article published at below link, initial assessment indicates no impact on the Portal.
https://knowledge.broadcom.com/external/article?articleId=230293
Over the support ticket , I was told that they are still finalizing the review and we will get an announcement soon.
Thanks,
aDARSH
Original Message:
Sent: Dec 12, 2021 07:32 PM
From: Guy deffaux
Subject: Layer7 API Gateway - Log4J - CVE-2021-44228
Is API Developer Portal impacted as well?
Original Message:
Sent: Dec 10, 2021 06:17 PM
From: Amogh Agrawal
Subject: Layer7 API Gateway - Log4J - CVE-2021-44228
Date: Dec 10, 2021
Dear Broadcom Customer,
The purpose of this Advisory is to inform you of a critical vulnerability that has been recently identified with the log4j library under vulnerability, CVE-2021-44228.
We are investigating the impact for the Layer7 API Gateway in detail at this time. Preliminary investigation shows that the API Gateway is not affected as it does not include "JndiLookup.class" in any of the versions. At this time no action is required for the Layer7 API gateway related to the CVE. We will post further updates as and when they become available.
If you have any questions about this Advisory, please contact Broadcom Support.
Thank you,
Broadcom Product Team