2wcom not using log4j

Luckily our products are not using any java based software components and are not affected by the Log4Shell vulnerability.*

All products have been checked for this vulnerability.

Some of our products required a deeper inspection of all packets to guarantee that no software is affected by the Log4Shell vulnerability. We don’t rely solely on our vulnerability scanners to detect this due to the nature of this security flaw. Therefore we have checked every single package that is shipped together with our software.

All MoIN Software users that are using their own linux distributions, please make sure you have not installed any packages that are using log4j or update them as soon as possible. Here is an article that might help you to check your linux distribution: https://serverfault.com/questions/1086065/how-do-i-check-if-log4j-is-installed-on-my-server

You can read more about the background of this vulnerability here: https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/

Additionally, there are some very nice software lists and vendor statements on Github: https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592

 

We hope that you are not affected by the log4j mayhem and that all your services continue to operate.

 

*our HDR-CC is the only product that is using log4j. The java runtime in this product includes an older log4j version that is not vulnerable to Log4Shell.