Vulnerability in Apache Log4j

Please provide instructions on how to update Apache Log4j, particularly log4j-core-2.17.1.jar.
This file shows a medium vulnerability (CVE-2026-34480) and a high vulnerability (CVE-2026-34477) on my Nessus scans. Thank you.

1 Comment

dpb about 5 hours ago
Edited: dpb less than a minute ago
ADDENDUM
An AI-generated response states:
These CVEs affect Apache Log4j components, but MATLAB does not configure or invoke the vulnerable logging features:
  • CVE-2026-34480: An XXE vulnerability in Log4j's XmlLayout. MATLAB does not use this configuration.
  • CVE-2026-34477: A TLS hostname verification bypass. MATLAB does not configure its internal Log4j instances to use the vulnerable network or TLS appenders.
Note for Security Scanners:
Because Log4j packages are bundled within MATLAB and its third-party support packages, automated vulnerability scanners often flag them by simply reading the version number.
It (the AI bot) claims there is an official MathWorks response that confirms the above, but like @Walter Roberson, I've yet to find any response posted by a MathWorks staffer or the MathWorks Support Group. However, given the description of the particular vulnerabilities, the above assessments appear to be reasonable evaluations.
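
A way to check the claim in the comment above against an actual configuration, as an added example that is not part of the thread or any MathWorks code: it parses a Log4j 2 XML configuration and lists appenders that use XmlLayout or TLS settings, the two features named for these CVEs. The sample configuration is constructed, and treating any `Ssl` element or `protocol="SSL"` attribute as the TLS feature is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample Log4j 2 configuration (not taken from MATLAB).
SAMPLE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console">
      <PatternLayout pattern="%d %p %c - %m%n"/>
    </Console>
    <File name="Audit" fileName="audit.xml">
      <XmlLayout complete="true"/>
    </File>
    <Socket name="Remote" host="logs.example.invalid" port="6514" protocol="SSL">
      <Ssl>
        <TrustStore location="trust.jks"/>
      </Ssl>
      <JsonLayout/>
    </Socket>
  </Appenders>
</Configuration>
"""

def local_name(tag):
    """Drop an XML namespace prefix such as '{ns}Socket'."""
    return tag.rsplit("}", 1)[-1]

def flag_features(config_xml):
    """Return sorted (appender name, feature) pairs for the two features named above."""
    root = ET.fromstring(config_xml)
    findings = set()
    for section in root.iter():
        if local_name(section.tag).lower() != "appenders":
            continue
        for appender in section:
            name = appender.get("name", "<unnamed>")
            # Walk the appender and everything nested in it (layouts, Ssl blocks).
            for node in appender.iter():
                tag = local_name(node.tag).lower()
                if tag == "xmllayout":
                    findings.add((name, "XmlLayout"))
                elif tag == "ssl" or node.get("protocol", "").upper() == "SSL":
                    # Assumption: either marker means the appender uses TLS.
                    findings.add((name, "TLS appender"))
    return sorted(findings)

if __name__ == "__main__":
    for name, feature in flag_features(SAMPLE_CONFIG):
        print(f"{name}: {feature}")
```

An empty result for every configuration file a deployment actually loads supports treating the scanner finding as a version-only match. Log4j 2 can also be configured through properties, JSON or YAML files and programmatically, which this check does not cover.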


Answers (0)

Release: R2022a

Asked: about 12 hours ago

Edited: dpb, about 7 hours ago
