Desoutter Software(s): Apache Log4j Security Flaw

Regarding the recently released information that there is a security vulnerability when utilizing the log4j facility. We have analysed our software offers and found that there is no risk of an attacker making use of the log4j facility to take control of a server/system for malicious intent.  Please see a summary for each software below.


CVI Net Web

  • Log4j Present/Version not applicable


DeMeter SOLO

  • Log4j Present/Version applicable

The Log4j facility is used within our third party search engine (used to retrieve data from our stored data) but is only accessible locally. A user would already have full access to the system/server via otherer means in order to make use of it. Next version release, environment variables will be altered so that we are not vulnerable by default and therefore totally eliminate risk.


Pivotware

  • Log4j Not Present


CVI Config / CVI Monitor / CVI Analyzer

  • Log4j Not Present


CVIPC2000

  • Log4j Not Present


For more information about this post, please contact our support team here 


Login or Signup to post a comment