FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

We are using MCSDK 5.3.2 and we have log4j problems. How can I solve them?

ddan.2
Associate II

‎2021-12-27 01:46 AM

 
Labels:
0 Kudos
5 REPLIES 5
Imen.D
ST Employee

‎2021-12-27 02:38 AM

Hello @ddan.2​ 

You will find a detailed report in this post: STM32Cube tools and log4j

Imen

When your question is answered, please close this topic by clicking "Accept as Solution".
Thanks
Imen
0 Kudos
ddan.2
Associate II
In response to Imen.D

‎2021-12-27 02:44 AM

Hi Imen,

The file we are concerned about is "STMicroelectronics\MC_SDK_5.3.2\Utilities\PC_Software\STMCWB\WB_to_Mx\WB_to_Mx.jar", and there is no problem with this file, right?

0 Kudos
ddan.2
Associate II
In response to Imen.D

‎2022-01-13 05:00 PM

Hi Imen,

We can't use "workbench" right now because of this file.

Is there any update?​

thanks.

0 Kudos
cedric H
ST Employee
In response to ddan.2

‎2022-02-01 12:52 AM

Hello @ddan.2​ ,

What do you mean by "we can't use "workbench" " ?

Do you have some protection tools on your PC that prevent you to run the executable ?

Workbench does not provide any services accessible to the internet, that's why we did not identify any risk of remote code execution using CVE-2021-44228.

Regards

Cedric

0 Kudos
ddan.2
Associate II
In response to ddan.2

‎2022-02-13 07:10 PM

Hi Cedric

Due to log4j issue, our MIS system detected risk file

"STMicroelectronics\MC_SDK_5.3.2\Utilities\PC_Software\STMCWB\WB_to_Mx\WB_to_Mx.jar",

we have to uninstall "workbance".

0 Kudos
Top