I'm attempting to find out if X-Cart has been affected by the Log4j vulnerability in any way. I have reached out to the X-Cart support team about this issue and did not receive a response.
I have run the scanner manually on the core X-Cart application. As expected the core X-Cart application was not affected by this vulnerability. I can not run the scanner on the APIs that X-Cart or X-Payments use, and do not maintain control over these items.
Did anyone reach out and receive a statement from the X-Cart team about the Log4j vulnerability and how X-Cart was impacted?
Reference
CISA Apache Log4j Vulnerability Guidance