Showing results for 
Search instead for 
Did you mean: 

Systemlink and NI web server - Possible Log4j vulnerability?

I have SystemLink installed on a PC. It is not so much that I wanted to use SystemLink, but I did need the NI web server, which is a key component within SystemLink.

The NI web server is based on Apache httpd and therefore I fear it might possibly be vulnerable for Log4j exploits.

I have not heard from NI yet on if/how this affects applications built on Systemlink or webservices using the NI web server or even the NI application server.




0 Kudos
Message 1 of 6

SystemLink doesn't include any Java-based services or 3rd party components, so it shouldn't be affected.


0 Kudos
Message 2 of 6

@aartjan, the official statement from NI is:


"NI is aware of CVE-2021-44228, which describes a critical vulnerability in Apache log4j. We are currently investigating to determine which, if any, products are affected by this. We will provide additional information as we learn more."
0 Kudos
Message 3 of 6



Is there a knowledgebase article link that has that information in it that will be updated once you have concluded your internal investigations? I'd like a statement that covers all NI software e.g. LabVIEW / Drivers / Toolkits for our auditing purposes.

LabVIEW Champion, CLA, CLED, CTD
0 Kudos
Message 4 of 6

@Sam_Sharp The best KnowledgeBase to follow is one that was published yesterday:

0 Kudos
Message 5 of 6

Does NI have any updates on this issue?

0 Kudos
Message 6 of 6