On December 9, 2021, a security vulnerability related to Apache Log4j was disclosed to the public. Apache Log4j is a logging tool used in many Java-based applications, including business systems, and embedded in major software applications such as Windows and Linux. Absco  Solutions was made aware of this issue on December 14.

This vulnerability, named Log4Shell or LogJam (tracked as CVE-2021-44228), puts any device or application that is connected to the internet at risk if it is running the affected version of Apache Log4j. If an attacker manages to exploit it on a vulnerable server, they may gain the ability to execute arbitrary code and potentially take full control of your system.

Absco Solutions is working with our vendor partners to determine if their product lines and/or software applications may be affected by this vulnerability. As of writing, our vendors are actively responding to the threat and appear to be minimally impacted. We will immediately inform you of any risk mitigation measures that need to be taken for any vulnerable product or application.

Avigilon has provided the following information:

Avigilon Cloud Service and Avigilon Control Manager are not affected by Apache Log4j. 

Avigilon Compass is affected. A mitigation procedure will available by Dec 17th and a hot fix with full resolution will be available by Dec 31st.

Further product-specific information is available here.

Hirsch Identiv has provided the following information:

Identiv's Velocity Vision is not affected. There will be some patches for the Liberty and Freedom access control product lines coming out shortly. Absco will communicate those fixes as they are available.

Bosch Security has provided the following information:

Bosch's Remote Programming Software (RPS) is not affected by Apache Log4j.

If you have further questions about the potential impact of this threat, please contact us at info@abscosolutions.com