Update on Log4j Vulnerability


December 15, 2021

On 9 December 2021, Soliton Systems was made aware of a security event impacting Apache Software Log4j v2.x. The vulnerability, known as Log4Shell or LogJam (CVE-2021-44228), has been actively investigated by Soliton. The following is a list of products Soliton analysed so far and found not vulnerable to CVE-2021-44228.

ON PREMISES PRODUCTS

 

NETWORK ACCESS CONTROL

Product Name  

Impact

NetAttest EPS

Not affected

NetAttest EPS-ap

Not affected

NetAttest LAP

Not affected

NetAttest LAP Manager

Not affected

NetAttest LAP One

Not affected

 

REMOTE ACCESS

SecureGateway / SecureFile / SecureBrowser

Not affected

G/On 5

Not affected
G/On 5 is using Java for the client applications G/On Configuration and G/On Management. Log4j v2.x is not part of these applications

G/On 7

Not affected
G/On 7 is not using Java

FileZen

Not affected

MobiControl

Not affected, see statement SoTi MobiControl

SecureDesktop Client and Streamer

Not affected

MailZen Gateway – On-Premise

Not affected

 

CLOUD SERVICES

Product Name  

Impact

SecureDesktop

Not affected

MobiControl

Not affected, see statement SoTi MobiControl

 

AFFECTED PRODUCTS

Product

Fixed release availability

MailZen Management Portal – On-Premise

Please apply the log4j2.formatMsgNoLookups=true switch to the TOMCAT configuration

Fixed Portal versions (v2.36.2, v2.37.3, v2.38.2) are available in the product service desk

MailZen Management - Cloud Service

13 DEC 2021 16:00 CET

MailZen Push Server

13 DEC 2021 16:00 CET

 

Future updates will be made here and security bulletins for affected products will be posted on Soliton ServiceDesk.

 

Soliton Systems