Networker 8.1.2 log4j vulnerability

As NW 8.x is unsupported by now, you will most likely not receive any official document with respect to this issue.

Keep in mind, that for these NW versions, pure JRE was required. Consequently, all rules with respect to this software will apply. So you better read the appropriate Oracle documents.

As nw is only affected from nw 19.4 and nw19.5, I'd expect older versions not to be affected.

Took also way too long for Dell to realize that also nw19.2 an 19.3 were not affected, even though initially reported for nearly 2 weeks that they were.

The Logpresso log4j scan tool Dell referred to to scan systems with looking for any log4j issues (even log4j 1.x) and mitigate against it by deleting the compromised parts, showed nw19.3 not as affected as it uses log4j 1.x.

It was the other way round for dpa clients, we have running on nw servers. Wasn't stated as affected, but the scan tool showed it to be. After 2 weeks suddenly also dpa was reported as vulnerable.

So when in doubt, use the Logpresso log4j scan tool, I also ran it on my own laptop, and it showed some tp-link switch software to be vulnerable.

Running nw8.x by itself should be considered vulnerable in the sense it isn't supported nor patched for some time now, with all possible risks coming with it.

I'd rather find out a new piece of supported software is vulnerable and treat it accordingly, than not knowing about issues with the old unsupported software.