QNAP Core OS and Apps are not affected by log4j vulnerability but you may still be vulnerable

Akash jain Estimated Read Time: 1 Minutes
Many QNAP owners have asked us for information about the Log4j vulnerability, whether it affects QNAP devices, and what they can do to protect themselves.

QNAP does not have just one OS - they have 3 - the oldest QTS, the Enterprise QES and the new QTS Hero. All 3 OS are not affected by the Log4j vulnerability.

Qnap has also confirmed that their core apps are not vulnerable to Log4j, so the QNAP core OS and the apps are secure.

Third-party apps, virtualized apps, or Docker apps could still be vulnerable. QNAP has disabled many apps in the App Store that were vulnerable, but not all are disabled. For example, if you have a Docker app installed, QNAP cannot disable it.

If you are concerned about this - Perform an app audit - make a list of all the apps you use and check if any of them use log4j. Remove, disable or patch the app that you are not using or that is vulnerable.

Add a comment

* Comments must be approved before being displayed.