2021-12-15 Security Advisory for Log4Shell vulnerability in OBSS apps on Jira Server and Jira Data Center
| Title | Security Advisory for Log4Shell vulnerability about OBSS apps on Jira Server and Jira Data Center |
| Summary | Log4Shell vulnerability in the OBSS apps listed below was fixed |
| Security Advisory Release Date | 15.12.2021 |
| Severity | Critical |
| Affected Products | Field Sync Service Desk Reporter |
| Affected Version(s) | All Field Sync versions before 5.6.3 All Service Desk Reporter versions before 2.3.5 |
| Fixed Version(s) | Field Sync 5.6.3 and above Service Desk Reporter 2.3.5 and above |
| Details | A vulnerability in the widely used log4j library was published on Dev 9th 2021. Details can be found here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 Field Sync (v5.6.2 and earlier) and Service Desk Reporter (v2.3.4 and earlier) use this library and are thought to be exposed to this vulnerability. |
| Workaround | Workarounds for this vulnerability (if any) can be found in the referenced CVE record https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 |
| Permanent Fix | Upgrade to Field Sync 5.6.3 or above. Upgrade to Field Service Desk Reporter 2.3.5 or above. |
| What you should do | If you are using Field Sync or Service Desk Reporter apps on your Jira Server or Jira Data Center instances, you should update your apps ASAP. |
| Support | If you have questions, you can reach the OBSS support team through htttps://pluginsupport.obss.com.tr/ or by sending an e-mail to plugin@obss.com.tr |
| Frequently Asked Questions (FAQ) |
|