Update on Log4j Vulnerability


On 9 December 2021, Soliton Systems was made aware of a security event impacting Apache Software Log4j v2.x. The vulnerability, known as Log4Shell or LogJam (CVE-2021-44228), has been actively investigated by Soliton. The following is a list of products Soliton analysed so far and found not vulnerable to CVE-2021-44228.

ON PREMISES PRODUCTS

 

NETWORK ACCESS CONTROL

Product Name  

Impact

NetAttest EPS

Not affected

NetAttest EPS-ap

Not affected

NetAttest LAP

Not affected

NetAttest LAP Manager

Not affected

NetAttest LAP One

Not affected

 

REMOTE ACCESS

SecureGateway / SecureFile / SecureBrowser

Not affected

G/On 5

Not affected
G/On 5 is using Java for the client applications G/On Configuration and G/On Management. Log4j v2.x is not part of these applications

G/On 7

Not affected
G/On 7 is not using Java

FileZen

Not affected

MobiControl

Not affected, see statement SoTi MobiControl

SecureDesktop Client and Streamer

Not affected

MailZen Gateway – On-Premise

Not affected

 

CLOUD SERVICES

Product Name  

Impact

SecureDesktop

Not affected

MobiControl

Not affected, see statement SoTi MobiControl

 

AFFECTED PRODUCTS

Product

Fixed release availability

MailZen Management Portal – On-Premise

Please apply the log4j2.formatMsgNoLookups=true switch to the TOMCAT configuration

Fixed Portal versions (v2.36.2, v2.37.3, v2.38.2) are available in the product service desk

MailZen Management - Cloud Service

13 DEC 2021 16:00 CET

MailZen Push Server

13 DEC 2021 16:00 CET

 

Future updates will be made here and security bulletins for affected products will be posted on Soliton ServiceDesk.

 

Soliton Systems

Subscribe Here!

Articles you might enjoy

View All

Soliton Wins 2 Top Awards at Interop Tokyo 2022