FEDEX Ship Manager #698
Comments
Downloading and installing the latest 3509. Will test again following.
The Log4j files are updated by the latest installation version 3509. However, the log4j-core-2.16.0.jar is listed as vulnerable to CVE-2021-45105.
Hi @Gadgetgeek2000, thanks for your research. Would you mind submitting a PR? Have a look at https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository if this is new for you.
I'm not very familiar with GitHub but I'll check it out.
Just got word from my rep: The FSM (FedEx Ship Manager) 3510 PLC version tentatively due for release on 1/24 contains the Log4j version 2.17.
The following files were found on the FEDEX Ship Manager server installation, version 3508:
C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-api-2.8.2.jar
C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-core-2.8.2.jar
C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-jcl-2.8.2.jar
C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-slf4j-impl-2.8.2.jar
C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4jna-api-2.0.jar