Hi Milind, Please take a look at this page, which has all the details: https://logging.apache.org/log4j/2.x/security.html
In short, the log4net library is not impacted. Only log4j (the java library) is impacted by this vulnerability. Kind regards, Remko On Sat, Dec 18, 2021 at 6:24 AM Milind Wankhede <mwankh...@smbc-cm.com> wrote: > Good Morning/Afternoon, > As you may know, a cyber-vulnerability impacting Java Library: log4j was > recently identified. > DHS warns of critical flaw in widely used software - CNNPolitics< > https://www.cnn.com/2021/12/11/politics/dhs-log4j-software-flaw-warning/index.html > > > > As a result and to provide our regulators confidence in our management of > the impact, we are engaging our vendors to determine both if they were > impacted (Yes/No) and if "Yes" what "Actions were taken?" > > We ask you consider in your response any 3rd party vendors which your > business may share SMBC data with as well. > > We are looking for impact on Log4Net project/Library. > > Vendor Reported Impact (Yes or No) > Actions Taken (If Any or N/A) > Impact to SMBC (Yes/No) > > > Please reply to all on this mail. > > To ensure we are in compliance with regulatory obligations we ask that you > please respond within 48 hours of this mail. > > Thank you, > > > Thanks & Regards! > Milind Wankhede > SMBC Capital Markets, Inc. > 277 Park Ave New York NY 10172 > Phone: (212) 224-5221 | Email: mwankh...@smbc-cm.com<mailto: > mwankh...@smbc-cm.com> > > This message, including any attachments, may contain information that is > privileged, confidential and/or protected by copyright, and is subject to > the terms available at > https://www.smbcgroup.com/americas/disclaimers/emaildisclaimer.html/ > If you are not the intended recipient, or have received this message in > error, please notify the sender immediately and delete this message. >
