Provar and the Log4J vulnerability

Provar is aware of the Log4J vulnerability that became public on the 9th December.

From our initial analysis we do not believe that Provar is vulnerable.

The attack involves injecting messages into server logs with placeholder variables that are then looked up in an external LDAP server. Since Provar is a desktop/command line tool it does not provide this mechanism for exploiting the vulnerability.

Provar does not log any server activity and offers no other mechanisms by which an attacker could inject these strings into Log4j.

We use cookies to better understand how our website is used so we can tailor content for you. For more information about the different cookies we use please take a look at our Privacy Policy.

Scroll to Top