Absco Speaks

Security Alert: Apache Log4j Vulnerability

Dec 16, 2021 12:19:24 PM / by Absco Solutions

Server room image v3-3

On December 9, 2021, a security vulnerability related to Apache Log4j was disclosed to the public. Apache Log4j is a logging tool used in many Java-based applications, including business systems, and embedded in major software applications such as Windows and Linux. Absco  Solutions was made aware of this issue on December 14.

 

This vulnerability, named Log4Shell or LogJam (tracked as CVE-2021-44228), puts any device or application that is connected to the internet at risk if it is running the affected version of Apache Log4j. If an attacker manages to exploit it on a vulnerable server, they may gain the ability to execute arbitrary code and potentially take full control of your system.

 

Absco Solutions is working with our vendor partners to determine if their product lines and/or software applications may be affected by this vulnerability. As of writing, our vendors are actively responding to the threat and appear to be minimally impacted. We will immediately inform you of any risk mitigation measures that need to be taken for any vulnerable product or application.

 

Avigilon has provided the following information:

Avigilon Cloud Service and Avigilon Control Manager are not affected by Apache Log4j. 

Avigilon Compass is affected. A mitigation procedure will available by Dec 17th and a hot fix with full resolution will be available by Dec 31st.

Further product-specific information is available here.

 

Hirsch Identiv has provided the following information:

Identiv's Velocity Vision is not affected. There will be some patches for the Liberty and Freedom access control product lines coming out shortly. Absco will communicate those fixes as they are available.

 

Bosch Security has provided the following information:

Bosch's Remote Programming Software (RPS) is not affected by Apache Log4j.

 

If you have further questions about the potential impact of this threat, please contact us at info@abscosolutions.com

 

Tags: IT Security

Absco Solutions

Written by Absco Solutions

Absco Solutions is your facility vulnerability expert. We collaborate with you to determine where your organization’s safety and security could be improved, then design systems that integrate best-in-class products to protect what’s important to you. Specializing in multiple building campuses, we’ve been supplying the Northwest with safety and security systems for more than 40 years, a testament to happy clients and our deep expertise.

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts