Regarding the recently released information that there is a security vulnerability when utilizing the log4j facility. We have analysed our software offers and found that there is no risk of an attacker making use of the log4j facility to take control of a server/system for malicious intent. Please see a summary for each software below.
CVI Net Web
The Log4j facility is used within our third party search engine (used to retrieve data from our stored data) but is only accessible locally. A user would already have full access to the system/server via otherer means in order to make use of it. Next version release, environment variables will be altered so that we are not vulnerable by default and therefore totally eliminate risk.
CVI Config / CVI Monitor / CVI Analyzer
For more information about this post, please contact our support team here