Vulnerability in Apache Log4j affects Cognitum (CVE-2021-44228)
There is a vulnerability in the Apache Log4j open source libraries used by Cognitum applications. This affects the installation and also web applications built with Cognitum. This vulnerability has been addressed by COGNITUM Software Support.
All systems are potentially vulnerable to this exploit.
What should I do?
--> upgrade to Cognitum 7.11.2
COGNITUM Software has provided a security update (patch version 7.11.2) to close this vulnerability. This update is now available to all customers with an active maintenance contract. If you update your Cognitum installation to version 7.11.2 using the standard update mechanism, your installation will be safe. To secure the web applications created with Cognitum, they must all be migrated within the new Cognitum version 7.11.2, generated and then redeployed.
--> upgrade the Log4J libraries
If you do not currently want to or cannot install an update or migrate and redeploy Cognitum Web Applications, please take at least the following measures:
Cognitum Installations:
1. Stop the Cognitum service
2. In the Cognitum installation root, navigate to Server/devloader/lib/
3. In that folder replace the Jar files
- log4j-api-2.x.x.jar
- log4j-core-2.x.x.jar
- log4j-slf4j-impl-2.x.x.jar
- log4j-web-2.x.x.jar
with the latest versions (2.17.1 or newer).
4. Start the Cognitum service
Cognitum Web Applications:
2. Navigate to WEB-INF/lib/
3. In that folder replace the Jar files
- log4j-api-2.x.x.jar
- log4j-core-2.x.x.jar
- log4j-slf4j-impl-2.x.x.jar
- log4j-web-2.x.x.jar
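To confirm that no outdated copy remains after the files have been replaced, the following Python script (an added example, not part of COGNITUM's tooling) walks a directory tree, such as the Cognitum installation root or a deployed web application, and flags each of the four listed jars whose version is below 2.17.1. It assumes the jars keep the log4j-<artifact>-<version>.jar file naming shown above; the function names are illustrative.

```python
#!/usr/bin/env python3
"""Audit Log4j 2 jar versions under a directory tree (added example)."""
import os
import re
import sys

# Minimum version the advisory asks for ("2.17.1 or newer").
MIN_VERSION = (2, 17, 1)

# The four artifacts listed in the advisory. The version is taken from the
# file name (assumption: files were not renamed). Two-part versions such as
# 2.9 and suffixes such as -beta9 are accepted; a suffix is ignored when
# comparing.
JAR_RE = re.compile(
    r"^(log4j-(?:api|core|slf4j-impl|web))-(\d+)\.(\d+)(?:\.(\d+))?(-[\w.]+)?\.jar$"
)


def audit(root):
    """Return sorted (path, version, ok) tuples for every listed jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = JAR_RE.match(name)
            if not m:
                continue  # not one of the four Log4j 2 artifacts
            version = (int(m.group(2)), int(m.group(3)), int(m.group(4) or 0))
            path = os.path.join(dirpath, name)
            findings.append((path, version, version >= MIN_VERSION))
    return sorted(findings)


def outdated(root):
    """Return only the findings that still need to be replaced."""
    return [f for f in audit(root) if not f[2]]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit(root)
    for path, version, ok in results:
        status = "OK     " if ok else "REPLACE"
        print(status, ".".join(map(str, version)), path)
    if not results:
        print("no Log4j 2 jars found under", root)
    # Non-zero exit status when at least one jar is below MIN_VERSION.
    sys.exit(1 if outdated(root) else 0)
```

Run it once against the installation root and once against each deployed web application directory. An old jar left beside its replacement in the same folder is still reported, so it can be deleted before the service is started again.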
If you need additional details or assistance, please contact the COGNITUM Software Servicedesk (servicedesk@cognitum-software.com).