- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I'm looking to inquire about any susceptibilities regarding the log4j vulnerability.
I've found .jar files under the intelFPGA directory relating to log4j (relating to Eclipse). Could you confirm that this (or any other element relating to Quartus Prime) is not a risk to our systems?
Thanks in advance,
James
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jamesd1,
There is a previous case about log4j security found in software developer forum.
https://community.intel.com/t5/Intel-Fortran-Compiler/log4j-security-problem/m-p/1343688
Probably can answer your question.
If not you can open a new thread in software developer forum. Your question may get better confirmation there.
Best regards,
Sheng
p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jamesd1,
Here is an update from internal regarding log4j.
SMG released this internal document regarding Log4Shell. There is a list of unaffected products. Please check here for more information.
Thank you.
Best regards,
Sheng
p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sheng,
Thank you for your reply and apologies for the delayed response over the holidays.
I can't seem to be able to access the links posted in your most recent message. I'm getting the following error message (with email addresses, etc redacted for the sake of public posting):
Message: AADSTS90072: User account [REDACTED] from identity provider [REDACTED] does not exist in tenant 'Intel Corporation' and cannot access the application '00000003-0000-0ff1-ce00-000000000000'(Office 365 SharePoint Online) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account
I've attempted to use alternative browsers, computers and accounts to access this link, but with no luck.
Is the link broken and might there be an alternative link I could use?
Kind regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jamesd1,
If you can't access the links posted in previous post, may be you can go to the latest link stated below.
For the latest information on Intel’s response to the Log4j/Log4Shell vulnerability, please see Intel-SA-00646
Best regards,
Sheng
p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sheng,
Thanks for that link. Quartus Prime isn't mentioned anywhere on that page though.
The main thing that would concern me is that I've found .jar files under the intelFPGA directory relating to log4j (used for the Eclipse plugin). Is it possible that this hasn't been noticed and addressed yet? And could it also be used elsewhere in the program?
I'm using version 18.1, but the release notes for more recent versions don't mention log4j, so I'd assume from this that it hasn't been patched. Would this present a security vulnerability on our systems?
Kind regards,
James
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi jamesd1,
If you have information about a security issue or vulnerability with an Intel branded product or technology, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key .
Please provide as much information as possible, including:
The products and versions affected
Detailed description of the vulnerability
Information on known exploits
You can try the email stated above. May be can get better confirmation there.
Hope it helps.
Best regards,
Sheng
p/s: If any answer from the community or Intel support are helpful, please feel free to give Kudos.

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page