Inphinity Suite not affected by Log4shell vulnerability

Inphinity Suite not affected by Log4shell vulnerability

We are aware of the recently disclosed RCE (Remote Code Execution) vulnerability in the Log4j2 library CVE-2021-44228 (also called Log4Shell).

We reviewed our products and libraries used and we determined our products are not affected by this vulnerability, see details below:

Inphinity Forms

Inphinity Forms are not using any version of Log4j library and thus are not affected by CVE-2021-44228.

Inphinity Flow

Inphinity Flow is a front-end extension, does not use Java at all, does not use the Log4j library thus is not affected by Log4Shell.

Inphinity Mole

Inphinity Mole UDC is using Log4j v.1.2.17 that is not affected by CVE-2021-44228. This version does not contain the exploitable JndiLookup class present in versions from 2.0 to 2.14.1. Currently, there is no knowledge of RCE exploits against Log4j v1.2 log message substitution similar to Log4j2.

Another vulnerability (CVE-2019-17571) was found to be present in the library version used, but the affected component (SocketServer class) is not used in the product and the product is not affected by CVE-2019-17571.

Qlik Sense

Regarding Qlik Sense and related products, you can find information here.

We can’t wait to show you how to supercharge your Qlik capabilities!

Book a demo