cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
frankvanesch-
Frequent Visitor

CVE-2021-44228 Log4j 2 exploitation

‎12-13-2021 01:59 AM

Hi Community,

 

I do not know this is the right place to ask, but. 

Is the Microsoft-Power platform (Non-custom connectors, Canvas Apps, DAX etc?) vulnerable to this Log4j 2 Exploit? 

 

 

Labels:
Message 1 of 3
2,557 Views
0 Kudos
2 REPLIES 2
hbd
Regular Visitor

‎12-13-2021 04:15 AM

hbd_0-1639397666185.png

yes it's using log4j 2.12.1 in \Program Files (x86)\Power Automate Desktop\java-support\PAD.JavaBridge.jar, log4j 2.12.1

Message 2 of 3
2,545 Views
esullivan
New Member

‎12-14-2021 07:20 AM

I have found this file to be vulnerable as well:
C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.2290.0_x64__8wekyb3d8bbwe\java-support\PAD.JavaBridge.jar

 

C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.2290.0_x64__8wekyb3d8bbwe\java-support\PAD.JavaBridge.jar contains Log4J-2.x >= 2.10.0 _VULNERABLE

 

I have uninstalled Power Automate and the file remains

Message 3 of 3
1,329 Views
0 Kudos

Helpful resources

Announcements
Power Platform Conf 2022 768x460.jpg

Join us for Microsoft Power Platform Conference

The first Microsoft-sponsored Power Platform Conference is coming in September. 100+ speakers, 150+ sessions, and what's new and next for Power Platform.

May UG Leader Call Carousel 768x460.png

June User Group Leader Call

Join us on June 28 for our monthly User Group leader call!

MPA Virtual Workshop Carousel 768x460.png

Register for a Free Workshop

Learn to digitize and optimize business processes and connect all your applications to share data in real time.

Power Automate Designer Feedback_carousel.jpg

Help make Flow Design easier

Are you new to designing flows? What is your biggest struggle with Power Automate Designer? Help us make it more user friendly!

View All
Users online (1,172)