Forum Discussion
Log4j vulnerability
Does the Log4j vulnerability affect Articulate 360? If someone could share some information about this I would appreciate it.
Hello Suhaz, and welcome to E-Learning Heroes. 😊
Thank you for reaching out regarding the Apache Log4j vulnerability.
Your data is secure. Articulate 360 and Rise.com aren't susceptible to the code injection exploit in Apache Log4j (CVE-2021-44228), and none of our customers' PII (Personal Identifiable Information) is compromised. Check out this article for more details. Let me know if you need anything else!
Hi Leslie, how about Storyline 3? Is that version or its output susceptible?
Best regards, Viktor Nagy
Hey Viktor, great follow-up question!
The information Leslie shared also applies to Storyline 3. We only use the Java library in an internal reporting tool, and we mitigated the issue by configuring the system properties that the Apache Log4j vulnerability targeted. We found no indication of exploits in our internal reporting tool nor any compromised data.
Couldn't resist. From The Cyber Security Hub on LinkedIn.
It is possible that Articulate 360 could be affected by a vulnerability in Log4j. Log4j has had several vulnerabilities over the years, some of which could potentially be exploited to compromise the security of applications that use it. However, without more information about the specific vulnerability in question and how it might be exploited, it is difficult to determine whether Articulate 360 is affected.
It is important to note that vulnerabilities can be discovered and fixed over time, so it is always a good idea to ensure that you are using the latest version of any software that you rely on. This includes keeping your operating system, web browsers, and other applications up to date with the latest security patches. Vulners is a search engine for security intelligence. It provides a comprehensive and customizable platform for searching, tracking and analyzing vulnerabilities, exploits, patches and updates. Vulners allows users to search for security information on a variety of sources such as CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability Database), OSVDB (Open Source Vulnerability Database), CERT and more. The engine is equipped with analytics and visualization tools, including a heat-map visualizer which helps users to better understand the security posture of their system. Additionally, Vulners allows users to access the CVE alert wall that displays the most common vulnerabilities and their overall severity and risk.
Log4j is a Java Library - Java is not used in Storyline applications
here is a list of all used third party software
https://cdn.articulate.com/assets/pdfs/Articulate_360_Software_Notices.pdf
