Apache Log4net vulnerability CVE-2018-1285

Applicable product: PRISMAprepare

This exploit targets Log4net configuration files.  However, PRISMAprepare does not support the loading of custom configuration files, which effectively prevents users from introducing or executing a maliciously crafted configuration.

We remain committed to strengthening the security posture of PRISMAprepare and will include improvements in a future release.  Further details will be shared once available.