SQL Anywhere 17 is not affected by this vulnerability.
The SAP note ("3130849 - CVE-2021-44228 - RCE 0-day exploit found in log4j - SQL Anywhere") states that: "... Note that versions of SQL Anywhere older than 17.0 are not being maintained. If this CVE is a concern, you should upgrade to SQL Anywhere 17.0." Can you please tell me if there is any information about "zero-day/Log4j2"-vulnerability for SQL Anywhere 16.0.0 and SQL Anywhere 12.0.1?
(29 Apr '22, 05:04)
Ilia63
AFAIK log4j.jar didn't ship with SQL Anywhere after version 11.
(30 Apr '22, 10:07)
Breck Carter
https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.1/sachanges/newinnsbruck-sectc-3789111.html
MobiLink server no longer requires log4j.jar
The log4j.jar file is no longer required by the MobiLink server and is no longer deployed with the MobiLink server. If you require log4j.jar you must install your own version of the jar and put it in the classpath.
My blind guess - no. But you can check if your server still uses log4j.jar as a dependency.
Thanks... it doesn't appear to ship with SA16 or SA17, but it's a different story with ASE 16
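One way to run the dependency check suggested above, as an added example that is not part of the original thread or of any SAP tooling: it walks an installation directory, opens every jar/war/ear/zip (including archives nested inside them) and reports Log4j 2 jars that carry the `JndiLookup` class involved in CVE-2021-44228 separately from Log4j 1.x jars. The directory passed on the command line is whatever your install path is; the function names are hypothetical.

```python
import io
import os
import zipfile

# Class files that identify each Log4j generation inside a jar.
LOG4J2_JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
LOG4J1_MARK = "org/apache/log4j/Logger.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def classify(zf):
    """Return 'log4j2-jndi', 'log4j1' or None for an open ZipFile."""
    names = set(zf.namelist())
    if LOG4J2_JNDI in names:
        return "log4j2-jndi"
    if LOG4J1_MARK in names:
        return "log4j1"
    return None


def scan_archive(data, label, depth=0, max_depth=3):
    """Yield (label, kind) for an archive and for archives nested inside it."""
    try:
        zf = zipfile.ZipFile(data)  # accepts a path or a file-like object
    except (zipfile.BadZipFile, OSError):
        return  # unreadable or not really an archive: skip it
    with zf:
        kind = classify(zf)
        if kind:
            yield label, kind
        if depth >= max_depth:
            return
        for name in zf.namelist():
            if name.lower().endswith(ARCHIVE_EXT):
                inner = io.BytesIO(zf.read(name))
                yield from scan_archive(inner, f"{label}!{name}", depth + 1, max_depth)


def scan_tree(root):
    """Walk root and return a sorted list of (path, kind) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                findings.extend(scan_archive(path, path))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, kind in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, path)
```

A `log4j2-jndi` hit means the jar needs a version check against the CVE advisory, not that it is exploitable as deployed; jars on the classpath outside the scanned directory are not covered.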