Does it affect RPA Supervisor?
RPA Supervisor does not utilize the Log4j code library in its software. RPA Supervisor is largely built on Microsoft technologies and not Java.
The vulnerability, therefore, does not affect the RPA Supervisor software.
What is Log4j?
Apache Log4j is a Java-based logging utility widely used in software applications. It is part of Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
What you need to know about the Log4j vulnerability
The vulnerability is also known as Log4Shell. Apache's Log4j security update explains that in versions 2.14.1 and under of the library, the JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints.
This allows attackers who gain control over log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. After the issue was discovered, Apache quickly fixed it and released Log4j version 2.15.0, where this behavior is disabled by default.
This issue is particularly concerning because of how widely used this open-source library is: millions of Java applications use it to log error messages. According to Symantec, exploit attempts have already been detected in the wild, with exploit code being shared publicly and multiple attackers already attempting to exploit it.