View Source

--- *In regards to CVE-2021-44228 : Apache Log4j2 / Log4Shell* --\-
The R1Soft team has evaluated the implementation of log4j used in our Server Backup Manager software, and has determined the version in use by the SBM is *NOT* affected by the Log4Shell Apache Log4j2 vulnerability reported in CVE-2021-44228.
The log4j version used by the SBM is outside of the affected range of versions. 
{color:windowtext}Risk Assessment :{color} {color:windowtext}{*}{+}Not Vulnerable{+}{*}{color}

--- *In regards to CVE-2021-4104 : A flaw was found in the Java logging library Apache Log4j in version 1.x* --\-
This CVE is specifically configuring a JNDIAppender with log4j. This is not a configuration used by the Server Backup Manager.
{color:windowtext}Risk Assessment :{color} {color:windowtext}{*}{+}Not Vulnerable{+}{*}{color}