Solved: Re: CSCwa47273 - Log4j vulnerability for UCCE

stuartrwalker · ‎12-14-2021

If my version is not listed in the known affected release list, does that mean my version is not affected? I noticed that some of the bug entries for things like CUCM list unaffected versions as well as affected versions. Will UCCE and it's subsystems list unaffected versions?

freymatt · ‎12-17-2021

Hi stuartrwalker,

You can find the answer in the FAQ - Section of the page.

Q.2 Are the ICM versions i.e. (Router ,Logger, AW, PG) 10.x , 11.0(x) , 11.5(x) and 11.6(1) affected?

Answer: These versions are not impacted as they use 1.X version of log4j.

So can have a good night

View solution in original post

emilio1012 · ‎12-14-2021

We are looking for the same thing. List of affected and not affected UCCE versions.

Leo Laohoo · ‎12-14-2021

freymatt · ‎12-17-2021

If you didn't already found it:

https://www.cisco.com/c/en/us/support/docs/contact-center/unified-contact-center-enterprise/217602-understand-the-impact-of-apache-log4j-vu.html

stuartrwalker · ‎12-17-2021

This is useful, but it doesn't quite answer the question. Our version of UCCE is 11.6.1.0.4.11. However, this link mentions UCCE versions 11.6(2), 12.0(1), 12.5(1), and 12.6(1). Does this mean that 11.6(1) is not affected? I don't want to make that assumption, and it would be nice to get clarification from Cisco. We could all sleep a little better at night.

freymatt · ‎12-17-2021

Hi stuartrwalker,

You can find the answer in the FAQ - Section of the page.

Q.2 Are the ICM versions i.e. (Router ,Logger, AW, PG) 10.x , 11.0(x) , 11.5(x) and 11.6(1) affected?

Answer: These versions are not impacted as they use 1.X version of log4j.

So can have a good night

stuartrwalker · ‎12-17-2021

That's fantastic. Thanks for replying!

Here's the link again for those trying to follow this thread: https://www.cisco.com/c/en/us/support/docs/contact-center/unified-contact-center-enterprise/217602-understand-the-impact-of-apache-log4j-vu.html