[SA-0006][SS-4958] log4j vulnerability is a non-issue for Sippy Software
Phillip Ma
started a topic
over 2 years ago
A recent exploit listed as CVE-2021-44228 was made public less than a week ago from the date of this topic. This exploit impacts Apache Log4j versions 2.0-beta9 to 2.1.4.1. This security vulnerability has some serious implications because it is easy to trigger and can be used to perform remote code execution in vulnerable systems allowing an attacker to gain full control of them. This utility is also very commonly used in a wide range of applications and of great concern to system administrators.
After review by our security and development teams Sippy Software we have determined our software is not vulnerable to this type of attack. We have reviewed our code and we have verified that the Apache Log4j utility is not used by our software. Therefore this security vulnerability is a non-issue for customers using our software.
additional information about the log4j vulnerability can be found here for your information:
Phillip Ma
A recent exploit listed as CVE-2021-44228 was made public less than a week ago from the date of this topic. This exploit impacts Apache Log4j versions 2.0-beta9 to 2.1.4.1. This security vulnerability has some serious implications because it is easy to trigger and can be used to perform remote code execution in vulnerable systems allowing an attacker to gain full control of them. This utility is also very commonly used in a wide range of applications and of great concern to system administrators.
After review by our security and development teams Sippy Software we have determined our software is not vulnerable to this type of attack. We have reviewed our code and we have verified that the Apache Log4j utility is not used by our software. Therefore this security vulnerability is a non-issue for customers using our software.
additional information about the log4j vulnerability can be found here for your information:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/
Thank you!
Phillip Ma
Product Manager
Sippy Software
1 person likes this