Burp Suite User Forum

Login to post

log4j2 vulnerability for Burp Suite Enterprise Edition Version: 2022.11-11262, Java version: 17.0.5

Harjinder | Last updated: Jan 23, 2023 03:39PM UTC

Hi, Our company is using Burp Suite Enterprise Edition Version: 2022.11-11262, Java version: 17.0.5. Could you please clarify if is this version or Burp Suite Enterprise affected by newly discovered log4j vulnerability. If yes, Please provide the remediation steps. Thanks

James, PortSwigger Agent | Last updated: Jan 24, 2023 11:05AM UTC

Hi Harjinder,

Thanks for your message.

Burp Suite Enterprise uses a custom-built JDK, and I can confirm we don't use log4j for logging. We have audited Burp Enterprise, and it is not vulnerable.

Please let us know if you need anything else.

Harjinder | Last updated: Jan 24, 2023 09:28PM UTC

Thanks James for your response. Got your Detailed email response also.

You need to Log in to post a reply. Or register here, for free.