Title | Security Advisory for Log4Shell vulnerability about OBSS apps on Jira Server and Jira Data Center |
Summary | Log4Shell vulnerability in the OBSS apps listed below was fixed |
Security Advisory Release Date | 15.12.2021 |
Severity | Critical |
Affected Products | Field Sync Service Desk Reporter |
Affected Version(s) | All Field Sync versions before 5.6.3 All Service Desk Reporter versions before 2.3.5 |
Fixed Version(s) | Field Sync 5.6.3 and above Service Desk Reporter 2.3.5 and above |
Details | A vulnerability in the widely used log4j library was published on Dev 9th 2021. Details can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 Field Sync (v5.6.2 and earlier) and Service Desk Reporter (v2.3.4 and earlier) use this library and are thought to be exposed to this vulnerability. |
Workaround | Workarounds for this vulnerability (if any) can be found in the referenced CVE record https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 |
Permanent Fix | Upgrade to Field Sync 5.6.3 or above. Upgrade to Field Service Desk Reporter 2.3.5 or above. |
What you should do | If you are using Field Sync or Service Desk Reporter apps on your Jira Server or Jira Data Center instances, you should update your apps ASAP. |
Support | If you have questions, you can reach the OBSS support team through htttps://pluginsupport.obss.com.tr/ or by sending an e-mail to plugin@obss.com.tr |
Frequently Asked Questions (FAQ) |
|
Overview
Content Tools
Activity
Tasks