Sage 300

Welcome to the Sage 300 Support Group on Community Hub! Available 24/7, the Forums are a great place to ask and answer product questions, as well as share tips and tricks with Sage peers, partners, and pros.

CVE-2022-42889 - Text4Shell

Posted By jgibso over 1 year ago

Just wondering if Sage 300 (or any Sage product) is vulnerable to the new Text4Shell vulnerability?

In a recent security scan the following files came up vulnerable file:
c:\sage\sage300erp\gs\solr\server\solr-webapp\webapp\web-inf\lib\commons-text-1.6.jar

Thanks!

Parents

0 Anthony Yager over 1 year ago

The Solr team has evaluated CVE-2022-42889 and confirmed they don't use the Commons Text tool in the vulnerable method. See the entries dated 20 Oct 2022.

cwiki.apache.org/.../SolrSecurity
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Anthony Yager over 1 year ago

The Solr team has evaluated CVE-2022-42889 and confirmed they don't use the Commons Text tool in the vulnerable method. See the entries dated 20 Oct 2022.

cwiki.apache.org/.../SolrSecurity
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data

Sage 300

CVE-2022-42889 - Text4Shell

COMMUNITY

COMPANY

PARTNERS

SUPPORT & TRAINING