SOLABS is aware of the vulnerability that was recently discovered in relation to Log4j (CVE-2021-44228). It was determined that Log4j 2 versions between 2.0-beta9 and 2.14.1 are affected by this vulnerability. A similar vulnerability (CVE-2019-17571) was also listed for Log4j 1.2.0 to 1.2.17, this vulnerability is specific to the SocketServer class.
Update 15-Dec-2021, 7:00 PM EST:
Risk for SOLABS' clients is limited.
SOLABS' clients (Authorized Level II Contacts) have been contacted with further details.
SOLABS continues to apply patches and preventive actions.
If SOLABS becomes aware of unauthorized access to customer data, we will notify impacted customers without undue delay.
References:
https://logging.apache.org/log4j/2.x/security.html
https://nvd.nist.gov/vuln/detail/CVE-2019-17571
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Comments
0 comments
Please sign in to leave a comment.