...
Generally speaking, DualShield is not susceptible to this vulnerability.
1. DualShield 5.x includes Log4j 1.x which is not susceptible to this vulnerability2. , DualShield 6.1, 6.2, 6.3 includes the Log4j 2.14 file but does not use it.1.x which is not susceptible to this vulnerability
23. DualShield 6.4 adds a new but optional module called Certificate Server. Log4j 2.14 is included and used in the Certificate Server. However, DualShield 6.4 includes JRE 8u203 which is not susceptible to Remote Code Execution (RCE).
| Info |
|---|
According to this article, and this blog post, if the server has Java runtimes later than 8u121, then it is protected against remote code execution via JNDI. |
Actions taken by the DualShield team
...