![]() Toad Edge doesn't use Log4j 2, but does use Log4 1.2.17 The only messages we get from LDAP are numeric error codes, and Toad does not use any lookup substitution on them, or anything else. Toad doesn't use any log message lookup substitution. "An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled" It's unclear if Oracle LDAP client this uses Log4j, but believe this is not the case. Toad for Oracle uses OraLDAPClntNN.dll (where NN is oracle version number like 12, 18, 19, etc) Therefore this vulnerability does not affect the product. Storage Performance and Utilization Management.Information Archiving & Storage Management. ![]() Hybrid Active Directory Security and Governance.Starling Identity Analytics & Risk Intelligence.One Identity Safeguard for Privileged Passwords.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |