Versions Compared

Old Version 16

changes.mady.by.user Gerben Boot

Saved on

compared with

New Version Current

changes.mady.by.user Camiel van Breugel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Updated: 6th of January 2022

Statement

Friday, 10 December 2021, our OWASP-scan alerted us to a vulnerability in Log4J, a commonly used open-source library for java applications. https://nvd.nist.gov/vuln/detail/CVE-2021-44228

Analysis Delft-FEWS components and Log4Shell vulnerability CVE-2021-44228.

Worldwide, many java-based applications suffer from the Log4Shell vulnerability CVE-2021-44228. This is caused by a vulnerability in a log4j2 library. The log4j-core-2.11.1.jar is also shipped with the Delft-FEWS software in the 2018.02 - 2021.02 releases. Our users are right in demanding clarity of Deltares whether Delft-FEWS is impacted.  Here is our summary of our analysis on the Delft-FEWS software. 

...