Verified Product Security
Apache Log4J Vulnerability - Impact for Verified systems
Verified is aware of the recently identified Apache Log4J vulnerability (CVE-2021-44228) and the investigations carried out across the inventory of products and systems and third-party programs have concluded that Verified is not vulnerable to this threat.
Verified will continue to monitor the Apache security updates and provide status updates on a regular basis if additional information about product security becomes available.
On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:
CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker-controlled LDAP and other JNDI related endpoints
For a description of this vulnerability, see the Fixed in Log4j 2.16.0 section of the Apache Log4j Security Vulnerabilities page.
What should I do next?
Refer to this security notice regarding the Verified products and please inform your Verified users that our product has not been affected in any way by this critical vulnerability.
At this time, Verified recommends organizations running Apache Log4j take the following actions:
- Check for vulnerable versions of Apache Log4j in your environments and applications.
- Implement the latest patch to production environments as soon as possible.
- Monitor Apache security bulletins