{"id":5180,"date":"2021-12-14T19:36:39","date_gmt":"2021-12-14T19:36:39","guid":{"rendered":"https:\/\/www.directimpactsolutions.com\/vulnerabilite-de-la-bibliotheque-java-apache-log4j-et-filemaker\/"},"modified":"2025-05-01T05:20:02","modified_gmt":"2025-05-01T05:20:02","slug":"log4j-et-filemaker","status":"publish","type":"post","link":"https:\/\/www.directimpactsolutions.com\/fr\/log4j-et-filemaker\/","title":{"rendered":"Vuln\u00e9rabilit\u00e9 de la biblioth\u00e8que Java Apache Log4j et FileMaker"},"content":{"rendered":"

Le 9 d\u00e9cembre, une vuln\u00e9rabilit\u00e9 dans Apache Log4J a \u00e9t\u00e9 largement connue pour son potentiel destructeur. De nombreux syst\u00e8mes sont encore vuln\u00e9rables \u00e0 une attaque par cette m\u00e9thode, connue sous le nom de Log4Shell.<\/p>

Dans quelle mesure l’exploit Log4Shell peut-il \u00eatre nuisible sur un serveur ?<\/strong><\/strong><\/p>

Log4Shell est un exploit de type \u00ab\u00a0zero-day\u00a0\u00bb qui permet \u00e0 un attaquant de tromper Log4j en t\u00e9l\u00e9chargeant un paquet malveillant qui s’ex\u00e9cute sur le serveur. Ce paquet peut alors voler des donn\u00e9es et utiliser le serveur pour d’autres t\u00e2ches malveillantes.<\/p>

Ma solution FileMaker est-elle touch\u00e9e ?<\/strong><\/p>

Voici la d\u00e9claration officielle<\/a> de Claris sur ce probl\u00e8me. Des traces de la biblioth\u00e8que java en question ont \u00e9t\u00e9 trouv\u00e9es dans toutes les versions de FileMaker Server, \u00e0 l\u2019exception de FileMaker Server 18 et 19. Log4j peut \u00e9galement \u00eatre trouv\u00e9 sur des sites Web, des composants Web (tels que les plugins WordPress), des plugins FileMaker, etc.<\/p>

Find more information on the Log4Shell exploit here<\/a>.<\/p>

Cela affecte-t-il ma solution s’il n’y a pas d’acc\u00e8s externe au r\u00e9seau local ?<\/strong><\/p>

Malheureusement, cette configuration est toujours vuln\u00e9rable aux attaques. Une machine \u00e0 l’int\u00e9rieur du r\u00e9seau pourrait \u00eatre exploit\u00e9e s\u00e9par\u00e9ment et utilis\u00e9e pour attaquer le serveur.<\/p>

Que puis-je faire pour prot\u00e9ger ma solution ?<\/strong><\/p>

La seule solution permettant d\u2019att\u00e9nuer le risque consiste \u00e0 effectuer une mise \u00e0 jour vers FileMaker Server 18 ou 19. Certains autres composants ou logiciels peuvent encore comporter une version vuln\u00e9rable de la biblioth\u00e8que Log4j, comme un plugin FileMaker ou un site\/composant Web.<\/p>

Contactez votre consultant FileMaker avant de proc\u00e9der \u00e0 la mise \u00e0 jour de votre serveur, car toutes les mises \u00e0 jour doivent \u00eatre effectu\u00e9es au cas par cas avec les pr\u00e9cautions appropri\u00e9es. Vous pouvez nous contacter<\/a> si vous avez des questions sur la mise \u00e0 jour ou si vous envisagez de mettre votre serveur \u00e0 jour.<\/p>

Cet article est destin\u00e9 \u00e0 des fins d’information uniquement. Veuillez consulter votre d\u00e9veloppeur FileMaker avant d’apporter des modifications \u00e0 votre solution.<\/p>","protected":false},"excerpt":{"rendered":"

Des traces de la biblioth\u00e8que java en question ont \u00e9t\u00e9 trouv\u00e9es dans toutes les versions de FileMaker Server, \u00e0 l’exception de FileMaker Server 19. Log4j peut \u00e9galement \u00eatre trouv\u00e9 sur des sites Web, des composants Web (tels que les plugins WordPress), des plugins FileMaker, etc.<\/p>\n","protected":false},"author":6,"featured_media":5177,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","footnotes":""},"categories":[34],"tags":[191,192],"class_list":["post-5180","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-low-code","tag-log4j-fr","tag-log4shell-fr"],"uagb_featured_image_src":{"full":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920.jpg",1920,1280,false],"thumbnail":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-150x150.jpg",150,150,true],"medium":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-768x512.jpg",768,512,true],"large":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-1024x683.jpg",1024,683,true],"1536x1536":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-1536x1024.jpg",1536,1024,true],"2048x2048":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920.jpg",1920,1280,false],"woocommerce_thumbnail":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-300x300.jpg",300,300,true],"woocommerce_single":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920.jpg",600,400,false],"woocommerce_gallery_thumbnail":["https:\/\/www.directimpactsolutions.com\/wp-content\/uploads\/2021\/12\/cloud-g38d7ffaa8_1920-100x100.jpg",100,100,true]},"uagb_author_info":{"display_name":"Direct Impact Solutions","author_link":"https:\/\/www.directimpactsolutions.com\/fr\/author\/direct-impact-solutions\/"},"uagb_comment_info":0,"uagb_excerpt":"Des traces de la biblioth\u00e8que java en question ont \u00e9t\u00e9 trouv\u00e9es dans toutes les versions de FileMaker Server, \u00e0 l'exception de FileMaker Server 19. Log4j peut \u00e9galement \u00eatre trouv\u00e9 sur des sites Web, des composants Web (tels que les plugins WordPress), des plugins FileMaker, etc.","_links":{"self":[{"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/posts\/5180","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/comments?post=5180"}],"version-history":[{"count":13,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/posts\/5180\/revisions"}],"predecessor-version":[{"id":20107,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/posts\/5180\/revisions\/20107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/media\/5177"}],"wp:attachment":[{"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/media?parent=5180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/categories?post=5180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.directimpactsolutions.com\/fr\/wp-json\/wp\/v2\/tags?post=5180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}