Master Operational Excellence in 2025: Insights You Won’t Want to Miss!
Register
View all
Join now

log4j

JK
Posted by Joachim Kindler
Posted on in ARIS Express

Hi,

I understood that Aris Express was somehow effected by the log4j issue.

I had to delete ARIS Express as communicated by my organization.

Ist it OK to install it again?

Best regards, Joachim

249
5
Profile picture for user rbe
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Wed, 01/26/2022 - 14:55

Dear Joachim,

The well known vulnerability of Log4j published in Dec 2021 was never an issue for ARIS Express, because we don't have the affected Log4J version 2 included in ARIS Express. We are using a prior version. Source: Apache Log4j - are we affected? | ARIS BPM Community (ariscommunity.com)

So there is neither a reason for you to remove ARIS Express from your computer, nor do we have see a need to build a new version of ARIS Express.

Cheers
Runè

0
TR
by Tobias Roth
Posted on Tue, 02/08/2022 - 11:43

Dear René

we used also ARIS Express in our company. We deleted ARIS Express from all our computers, because our research showed us, that it uses "log4j__V2.3.jar". 

Log4j is vulnerable from 2.0-beta9 til incl. 2.14.1.

So please tell me why it should not be vulnerable. 

Thanks and best regards

Tobias

0
TR
by Tobias Roth
Posted on Tue, 02/08/2022 - 11:43

Dear René

we used also ARIS Express in our company. We deleted ARIS Express from all our computers, because our research showed us, that it uses "log4j__V2.3.jar". 

Log4j is vulnerable from 2.0-beta9 til incl. 2.14.1.

So please tell me why it should not be vulnerable. 

Thanks and best regards

Tobias

0
Profile picture for user rbe
by Runé Becker
Badge for 'Mastermind' achievement
Posted on Tue, 02/08/2022 - 18:48

I think Frank Weyand already replied to you here Apache Log4j - are we affected? | ARIS BPM Community (ariscommunity.com)

I can't add anything else except that we also had many "false positives", means, a software found by a scanner which didn't toroughly searched for the real Log4J CVEs but only for the Log4J classes, regardless of version and content.

I hope you get ARIS Express soon be put on a whitelist.

Cheers
Runè

0

Featured achievement

Explorer
Take a tour! Learn more about the different ARIS Community areas and ARIS editions.
Recent Unlocks
  • KY
  • ДС
  • Profile picture for user lunin_o
  • DN
  • OG
  • PacMan

Leaderboard

|

View posts by tag

icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock