Update on Log4j Vulnerability

On 9 December 2021, Soliton Systems was made aware of a security event impacting Apache Software Log4j v2.x. The vulnerability, known as Log4Shell or LogJam (CVE-2021-44228), has been actively investigated by Soliton. The following is a list of products Soliton analysed so far and found not vulnerable to CVE-2021-44228.

ON PREMISES PRODUCTS

NETWORK ACCESS CONTROL
Product Name	Impact
NetAttest EPS	Not affected
NetAttest EPS-ap	Not affected
NetAttest LAP	Not affected
NetAttest LAP Manager	Not affected
NetAttest LAP One	Not affected

REMOTE ACCESS
SecureGateway / SecureFile / SecureBrowser	Not affected
G/On 5	Not affected G/On 5 is using Java for the client applications G/On Configuration and G/On Management. Log4j v2.x is not part of these applications
G/On 7	Not affected G/On 7 is not using Java
FileZen	Not affected
MobiControl	Not affected, see statement SoTi MobiControl
SecureDesktop Client and Streamer	Not affected
MailZen Gateway – On-Premise	Not affected

CLOUD SERVICES

Product Name	Impact
SecureDesktop	Not affected
MobiControl	Not affected, see statement SoTi MobiControl

AFFECTED PRODUCTS

Product	Fixed release availability
MailZen Management Portal – On-Premise	Please apply the log4j2.formatMsgNoLookups=true switch to the TOMCAT configuration Fixed Portal versions (v2.36.2, v2.37.3, v2.38.2) are available in the product service desk
MailZen Management - Cloud Service	13 DEC 2021 16:00 CET
MailZen Push Server	13 DEC 2021 16:00 CET

Future updates will be made here and security bulletins for affected products will be posted on Soliton ServiceDesk.

Update on Log4j Vulnerability

Soliton Systems

Subscribe Here!

Articles you might enjoy

Soliton Wins 2 Top Awards at Interop Tokyo 2022

Soliton wins Grand Prize at Interop Tokyo 2018

Soliton Systems addresses need of remote working on company desktop computers